@jsonstudio/rcc 0.89.1803 → 0.89.1959

package/dist/providers/core/runtime/http-transport-provider.js

@@ -8,7 +8,7 @@
  *
  * 各协议具体行为（OpenAI Chat、Responses、Anthropic、Gemini 等）通过子类覆写钩子实现。
  */
-import { createHash } from 'node:crypto';
+import { createHash, createHmac } from 'node:crypto';
 import { BaseProvider } from './base-provider.js';
 import { HttpClient } from '../utils/http-client.js';
 import { DynamicProfileLoader, ServiceProfileValidator } from '../config/service-profiles.js';
@@ -17,13 +17,14 @@ import { OAuthAuthProvider } from '../../auth/oauth-auth.js';
 import { logOAuthDebug } from '../../auth/oauth-logger.js';
 import { TokenFileAuthProvider } from '../../auth/tokenfile-auth.js';
 import { IflowCookieAuthProvider } from '../../auth/iflow-cookie-auth.js';
-import { ensureValidOAuthToken, handleUpstreamInvalidOAuthToken } from '../../auth/oauth-lifecycle.js';
+import { ensureValidOAuthToken, handleUpstreamInvalidOAuthToken, shouldTriggerInteractiveOAuthRepair } from '../../auth/oauth-lifecycle.js';
 import { attachProviderSseSnapshotStream, writeProviderSnapshot } from '../utils/snapshot-writer.js';
 import { attachProviderRuntimeMetadata, extractProviderRuntimeMetadata } from './provider-runtime-metadata.js';
 import { buildVisionSnapshotPayload, shouldCaptureVisionDebug, summarizeVisionMessages } from './vision-debug-utils.js';
 import { OpenAIChatProtocolClient } from '../../../client/openai/chat-protocol-client.js';
 import { HttpRequestExecutor } from './http-request-executor.js';
 import { extractStatusCodeFromError } from './provider-error-classifier.js';
+import { getProviderFamilyProfile } from '../../profile/profile-registry.js';
 const isRecord = (value) => typeof value === 'object' && value !== null;
 const DEFAULT_USER_AGENT = 'codex_cli_rs/0.73.0 (Mac OS 15.6.1; arm64) iTerm.app/3.6.5';
 export class HttpTransportProvider extends BaseProvider {
@@ -234,11 +235,27 @@ export class HttpTransportProvider extends BaseProvider {
             const oauthAuth = auth;
             const oauthProviderId = resolvedOAuthProviderId ?? serviceProfileKey;
             this.oauthProviderId = oauthProviderId;
+            const familyProfile = getProviderFamilyProfile({
+                providerId: this.config.config.providerId,
+                providerType: this.providerType,
+                oauthProviderId
+            });
+            const profileTokenFileMode = familyProfile?.resolveOAuthTokenFileMode?.({
+                oauthProviderId,
+                auth: {
+                    clientId: oauthAuth.clientId,
+                    tokenUrl: oauthAuth.tokenUrl,
+                    deviceCodeUrl: oauthAuth.deviceCodeUrl
+                },
+                moduleType: this.type
+            });
             // For providers like Qwen/iflow/Gemini CLI where public OAuth client may not be available,
             // allow reading tokens produced by external login tools (CLIProxyAPI) via token file.
-            const useTokenFile = (oauthProviderId === 'qwen' ||
-                oauthProviderId === 'iflow' ||
-                this.type === 'gemini-cli-http-provider') &&
+            const useTokenFile = (typeof profileTokenFileMode === 'boolean'
+                ? profileTokenFileMode
+                : (oauthProviderId === 'qwen' ||
+                    oauthProviderId === 'iflow' ||
+                    this.type === 'gemini-cli-http-provider')) &&
                 !oauthAuth.clientId &&
                 !oauthAuth.tokenUrl &&
                 !oauthAuth.deviceCodeUrl;
@@ -318,6 +335,7 @@ export class HttpTransportProvider extends BaseProvider {
             shouldRetryHttpError: this.shouldRetryHttpError.bind(this),
             delayBeforeHttpRetry: this.delayBeforeHttpRetry.bind(this),
             tryRecoverOAuthAndReplay: this.tryRecoverOAuthAndReplay.bind(this),
+            resolveBusinessResponseError: this.resolveProfileBusinessResponseError.bind(this),
             normalizeHttpError: this.normalizeHttpError.bind(this)
         };
     }
@@ -430,8 +448,15 @@ export class HttpTransportProvider extends BaseProvider {
         const context = this.createProviderContext();
         return this.requestExecutor.execute(request, context);
     }
-    wantsUpstreamSse(_request, _context) {
-        return false;
+    wantsUpstreamSse(request, context) {
+        const runtimeMetadata = context.runtimeMetadata ?? this.getCurrentRuntimeMetadata();
+        const familyProfile = this.resolveFamilyProfile(runtimeMetadata);
+        const profileResolved = familyProfile?.resolveStreamIntent?.({
+            request,
+            context,
+            runtimeMetadata
+        });
+        return typeof profileResolved === 'boolean' ? profileResolved : false;
     }
     applyStreamModeHeaders(headers, wantsSse) {
         const normalized = { ...headers };
@@ -442,10 +467,27 @@ export class HttpTransportProvider extends BaseProvider {
             delete normalized[acceptKey];
         }
         normalized['Accept'] = wantsSse ? 'text/event-stream' : 'application/json';
+        const runtimeMetadata = this.getCurrentRuntimeMetadata();
+        const familyProfile = this.resolveFamilyProfile(runtimeMetadata);
+        const profileHeaders = familyProfile?.applyStreamModeHeaders?.({
+            headers: normalized,
+            wantsSse,
+            runtimeMetadata
+        });
+        if (profileHeaders && typeof profileHeaders === 'object') {
+            return profileHeaders;
+        }
         return normalized;
     }
-    prepareSseRequestBody(_body, _context) {
-        // default no-op
+    prepareSseRequestBody(body, context) {
+        const runtimeMetadata = context?.runtimeMetadata ?? this.getCurrentRuntimeMetadata();
+        const familyProfile = this.resolveFamilyProfile(runtimeMetadata);
+        const effectiveContext = context ?? this.createProviderContext();
+        familyProfile?.prepareStreamBody?.({
+            body,
+            context: effectiveContext,
+            runtimeMetadata
+        });
     }
     async wrapUpstreamSseResponse(stream, _context) {
         return { __sse_responses: stream };
@@ -482,6 +524,39 @@ export class HttpTransportProvider extends BaseProvider {
     async tryRecoverOAuthAndReplay(error, requestInfo, processedRequest, captureSse, context) {
         try {
             const providerAuth = this.config.config.auth;
+            const authRawType = typeof providerAuth.rawType === 'string'
+                ? String(providerAuth.rawType).trim().toLowerCase()
+                : '';
+            const isDeepSeekAccount = authRawType === 'deepseek-account';
+            if (isDeepSeekAccount) {
+                const statusCode = extractStatusCodeFromError(error);
+                const authProvider = this.authProvider;
+                if (statusCode === 401 && authProvider?.refreshCredentials) {
+                    await authProvider.refreshCredentials();
+                    const retryHeaders = await this.buildRequestHeaders();
+                    let finalRetryHeaders = await this.finalizeRequestHeaders(retryHeaders, processedRequest);
+                    finalRetryHeaders = this.applyStreamModeHeaders(finalRetryHeaders, requestInfo.wantsSse);
+                    if (requestInfo.wantsSse) {
+                        const upstreamStream = await this.httpClient.postStream(requestInfo.targetUrl, requestInfo.body, finalRetryHeaders);
+                        const streamForHost = captureSse
+                            ? attachProviderSseSnapshotStream(upstreamStream, {
+                                requestId: context.requestId,
+                                headers: finalRetryHeaders,
+                                url: requestInfo.targetUrl,
+                                entryEndpoint: requestInfo.entryEndpoint,
+                                clientRequestId: requestInfo.clientRequestId,
+                                providerKey: context.providerKey,
+                                providerId: context.providerId,
+                                extra: { retry: true, authRefresh: true }
+                            })
+                            : upstreamStream;
+                        return await this.wrapUpstreamSseResponse(streamForHost, context);
+                    }
+                    const response = await this.httpClient.post(requestInfo.targetUrl, requestInfo.body, finalRetryHeaders);
+                    return response;
+                }
+                return undefined;
+            }
             if (this.normalizeAuthMode(providerAuth.type) !== 'oauth') {
                 return undefined;
             }
@@ -601,48 +676,150 @@ export class HttpTransportProvider extends BaseProvider {
         catch { /* non-blocking */ }
         return normalized;
     }
+    resolveProfileBusinessResponseError(response, context) {
+        const runtimeMetadata = context.runtimeMetadata ?? this.getCurrentRuntimeMetadata();
+        const familyProfile = this.resolveFamilyProfile(runtimeMetadata);
+        if (!familyProfile?.resolveBusinessResponseError) {
+            return undefined;
+        }
+        return familyProfile.resolveBusinessResponseError({
+            response,
+            runtimeMetadata
+        });
+    }
     /**
      * 为特定请求确定最终 endpoint（默认使用配置值，可由子类覆写）
      */
     resolveRequestEndpoint(request, defaultEndpoint) {
-        const metadataNode = request?.metadata &&
-            typeof request.metadata === 'object'
-            ? request.metadata
-            : undefined;
-        const isIflowWebSearch = metadataNode?.iflowWebSearch === true;
-        if (isIflowWebSearch) {
-            const entryEndpoint = typeof metadataNode?.entryEndpoint === 'string' && metadataNode.entryEndpoint.trim()
-                ? metadataNode.entryEndpoint.trim()
-                : undefined;
-            return entryEndpoint || '/chat/retrieve';
+        const protocolResolvedEndpoint = this.protocolClient.resolveEndpoint(request, defaultEndpoint);
+        const runtimeMetadata = this.getCurrentRuntimeMetadata();
+        const familyProfile = this.resolveFamilyProfile(runtimeMetadata);
+        const profileResolvedEndpoint = familyProfile?.resolveEndpoint?.({
+            request,
+            defaultEndpoint: protocolResolvedEndpoint,
+            runtimeMetadata
+        });
+        if (typeof profileResolvedEndpoint === 'string' && profileResolvedEndpoint.trim()) {
+            return profileResolvedEndpoint.trim();
+        }
+        const legacyEndpoint = this.resolveLegacyIflowEndpoint(request);
+        if (legacyEndpoint) {
+            return legacyEndpoint;
         }
-        return this.protocolClient.resolveEndpoint(request, defaultEndpoint);
+        return protocolResolvedEndpoint;
     }
     /**
      * 构造最终发送到上游的请求体，默认实现包含模型/令牌治理，可由子类覆写
      */
     buildHttpRequestBody(request) {
-        const metadataNode = request?.metadata &&
-            typeof request.metadata === 'object'
-            ? request.metadata
+        const runtimeMetadata = this.getCurrentRuntimeMetadata();
+        const familyProfile = this.resolveFamilyProfile(runtimeMetadata);
+        const defaultBody = this.protocolClient.buildRequestBody(request);
+        const profileBody = familyProfile?.buildRequestBody?.({
+            request,
+            defaultBody,
+            runtimeMetadata
+        });
+        if (profileBody && typeof profileBody === 'object') {
+            return profileBody;
+        }
+        const legacyBody = this.resolveLegacyIflowRequestBody(request);
+        if (legacyBody && typeof legacyBody === 'object') {
+            return legacyBody;
+        }
+        return defaultBody;
+    }
+    resolveFamilyProfile(runtimeMetadata) {
+        const targetNode = runtimeMetadata?.target && typeof runtimeMetadata.target === 'object'
+            ? runtimeMetadata.target
             : undefined;
-        const isIflowWebSearch = metadataNode?.iflowWebSearch === true;
-        if (isIflowWebSearch) {
-            const dataNode = request.data;
-            if (dataNode && typeof dataNode === 'object') {
-                return dataNode;
+        const normalize = (value) => {
+            if (typeof value !== 'string') {
+                return undefined;
             }
-            return {};
+            const normalized = value.trim().toLowerCase();
+            return normalized.length ? normalized : undefined;
+        };
+        return getProviderFamilyProfile({
+            providerFamily: normalize(runtimeMetadata?.providerFamily) ??
+                normalize(this.getRuntimeProfile()?.providerFamily),
+            providerId: normalize(runtimeMetadata?.providerId) ??
+                normalize(targetNode?.providerId) ??
+                normalize(this.config?.config?.providerId),
+            providerKey: normalize(runtimeMetadata?.providerKey) ??
+                normalize(targetNode?.providerKey) ??
+                normalize(this.getRuntimeProfile()?.providerKey),
+            providerType: normalize(runtimeMetadata?.providerType) ??
+                normalize(targetNode?.providerType) ??
+                normalize(this.config?.config?.providerType) ??
+                normalize(this.providerType),
+            oauthProviderId: normalize(this.oauthProviderId)
+        });
+    }
+    isIflowWebSearchRequest(request) {
+        const metadata = request.metadata;
+        if (!metadata || typeof metadata !== 'object') {
+            return false;
+        }
+        const flag = metadata.iflowWebSearch;
+        return flag === true;
+    }
+    resolveLegacyIflowEndpoint(request) {
+        if (!this.isIflowTransportRuntime(this.getCurrentRuntimeMetadata())) {
+            return undefined;
+        }
+        if (!this.isIflowWebSearchRequest(request)) {
+            return undefined;
         }
-        const built = this.protocolClient.buildRequestBody(request);
-        this.applyProviderSpecificBodyAdjustments(built);
-        return built;
+        const metadata = request.metadata;
+        const endpoint = metadata && typeof metadata.entryEndpoint === 'string'
+            ? (metadata.entryEndpoint || '').trim()
+            : '';
+        return endpoint || '/chat/retrieve';
+    }
+    resolveLegacyIflowRequestBody(request) {
+        if (!this.isIflowTransportRuntime(this.getCurrentRuntimeMetadata())) {
+            return undefined;
+        }
+        if (!this.isIflowWebSearchRequest(request)) {
+            return undefined;
+        }
+        const data = request.data;
+        if (data && typeof data === 'object') {
+            return data;
+        }
+        return {};
     }
     /**
      * 允许子类在 Hook 运行完后对头部做最终调整
      */
     async finalizeRequestHeaders(headers, request) {
-        return await this.protocolClient.finalizeHeaders(headers, request);
+        const finalized = await this.protocolClient.finalizeHeaders(headers, request);
+        const runtimeMetadata = this.getCurrentRuntimeMetadata();
+        const familyProfile = this.resolveFamilyProfile(runtimeMetadata);
+        const profileResolvedUa = await familyProfile?.resolveUserAgent?.({
+            uaFromConfig: this.findHeaderValue(finalized, 'User-Agent'),
+            uaFromService: undefined,
+            inboundUserAgent: undefined,
+            defaultUserAgent: DEFAULT_USER_AGENT,
+            runtimeMetadata
+        });
+        if (typeof profileResolvedUa === 'string' && profileResolvedUa.trim()) {
+            this.assignHeader(finalized, 'User-Agent', profileResolvedUa.trim());
+        }
+        const profileAdjustedHeaders = familyProfile?.applyRequestHeaders?.({
+            headers: finalized,
+            request,
+            runtimeMetadata,
+            isCodexUaMode: this.isCodexUaMode()
+        });
+        if (profileAdjustedHeaders && typeof profileAdjustedHeaders === 'object') {
+            return profileAdjustedHeaders;
+        }
+        if (this.isIflowTransportRuntime(runtimeMetadata)) {
+            this.enforceIflowCliHeaders(finalized);
+        }
+        return finalized;
     }
     // 私有方法
     validateConfig() {
@@ -718,8 +895,26 @@ export class HttpTransportProvider extends BaseProvider {
                 catch (error) {
                     const err = error;
                     const msg = err?.message ? String(err.message) : String(error);
-                    // Non-blocking: do not start device-code polling or crash requests here.
-                    // We'll let the upstream 401/403 path trigger interactive repair when appropriate.
+                    const authErr = (error instanceof Error ? error : new Error(msg));
+                    const needsInteractiveRepair = shouldTriggerInteractiveOAuthRepair(oauthProviderId, authErr);
+                    if (needsInteractiveRepair) {
+                        if (typeof authErr.statusCode !== 'number' && typeof authErr.status !== 'number') {
+                            authErr.statusCode = 401;
+                            authErr.status = 401;
+                        }
+                        if (typeof authErr.code !== 'string' || !authErr.code.trim()) {
+                            authErr.code = 'AUTH_INVALID_TOKEN';
+                        }
+                        // 非阻塞：后台触发修复，不等待本请求。
+                        void handleUpstreamInvalidOAuthToken(oauthProviderId, oauthAuth, authErr, {
+                            allowBlocking: false
+                        }).catch(() => {
+                            // ignore background repair errors
+                        });
+                        authErr.__routecodexAuthPreflightFatal = true;
+                        throw authErr;
+                    }
+                    // 非认证类的 ensureValid 错误只做日志，避免影响正常流量。
                     logOAuthDebug(`[OAuth] [headers] ensureValid skipped: ${msg}`);
                 }
                 try {
@@ -730,10 +925,22 @@ export class HttpTransportProvider extends BaseProvider {
                 }
             }
         }
-        catch {
+        catch (error) {
+            if (error &&
+                typeof error === 'object' &&
+                error.__routecodexAuthPreflightFatal === true) {
+                throw error;
+            }
             // bubble up in authHeaders build below
         }
         // 认证头部（如为 OAuth，若当前无有效 token 则尝试拉取/刷新一次再取 headers）
+        const providerAuth = this.config.config.auth;
+        const authRawType = typeof providerAuth.rawType === 'string'
+            ? String(providerAuth.rawType).trim().toLowerCase()
+            : '';
+        if (authRawType === 'deepseek-account' && this.authProvider?.validateCredentials) {
+            await this.authProvider.validateCredentials();
+        }
         let authHeaders = {};
         authHeaders = this.authProvider?.buildHeaders() || {};
         const finalHeaders = {
@@ -761,9 +968,17 @@ export class HttpTransportProvider extends BaseProvider {
         // 因此对 iflow：service/profile 的 UA 优先级应高于 inbound client userAgent，
         // 否则客户端 UA 会把模拟头部冲掉，触发 HTTP 200 + status=435 "Model not support"。
         const isIflow = this.isIflowTransportRuntime(runtimeMetadata);
-        const resolvedUa = isIflow
+        const familyProfile = this.resolveFamilyProfile(runtimeMetadata);
+        const profileResolvedUa = await familyProfile?.resolveUserAgent?.({
+            uaFromConfig,
+            uaFromService,
+            inboundUserAgent,
+            defaultUserAgent: DEFAULT_USER_AGENT,
+            runtimeMetadata
+        });
+        const resolvedUa = profileResolvedUa ?? (isIflow
             ? (uaFromConfig ?? uaFromService ?? inboundUserAgent ?? DEFAULT_USER_AGENT)
-            : (uaFromConfig ?? inboundUserAgent ?? uaFromService ?? DEFAULT_USER_AGENT);
+            : (uaFromConfig ?? inboundUserAgent ?? uaFromService ?? DEFAULT_USER_AGENT));
         this.assignHeader(finalHeaders, 'User-Agent', resolvedUa);
         // originator: do not invent one; only forward from config or inbound client.
         // gcli2api alignment: Gemini-family upstreams do not expect/need originator; avoid leaking client identifiers.
@@ -801,13 +1016,17 @@ export class HttpTransportProvider extends BaseProvider {
                 this.assignHeader(finalHeaders, 'conversation_id', resolvedConversationId);
             }
         }
-        if (!isAntigravity && this.isCodexUaMode()) {
+        const codexUaMode = this.isCodexUaMode();
+        if (!isAntigravity && codexUaMode) {
             this.ensureCodexSessionHeaders(finalHeaders, runtimeMetadata);
         }
         if (isAntigravity) {
             this.deleteHeader(finalHeaders, 'session_id');
             this.deleteHeader(finalHeaders, 'conversation_id');
         }
+        if (isIflow) {
+            this.enforceIflowCliHeaders(finalHeaders);
+        }
         return finalHeaders;
     }
     isCodexUaMode() {
@@ -927,6 +1146,56 @@ export class HttpTransportProvider extends BaseProvider {
         }
         this.assignHeader(headers, target, value);
     }
+    enforceIflowCliHeaders(headers) {
+        const resolvedSessionId = this.findHeaderValue(headers, 'session-id') ??
+            this.findHeaderValue(headers, 'session_id') ??
+            '';
+        const resolvedConversationId = this.findHeaderValue(headers, 'conversation-id') ??
+            this.findHeaderValue(headers, 'conversation_id') ??
+            resolvedSessionId;
+        if (resolvedSessionId) {
+            this.assignHeader(headers, 'session-id', resolvedSessionId);
+        }
+        if (resolvedConversationId) {
+            this.assignHeader(headers, 'conversation-id', resolvedConversationId);
+        }
+        const bearerApiKey = this.extractBearerApiKey(headers);
+        if (!bearerApiKey) {
+            return;
+        }
+        const userAgent = this.findHeaderValue(headers, 'User-Agent') ?? 'iFlow-Cli';
+        const timestamp = Date.now().toString();
+        const signature = this.buildIflowSignature(userAgent, resolvedSessionId, timestamp, bearerApiKey);
+        if (!signature) {
+            return;
+        }
+        this.assignHeader(headers, 'x-iflow-timestamp', timestamp);
+        this.assignHeader(headers, 'x-iflow-signature', signature);
+    }
+    extractBearerApiKey(headers) {
+        const authorization = this.findHeaderValue(headers, 'Authorization');
+        if (!authorization) {
+            return undefined;
+        }
+        const matched = authorization.match(/^Bearer\s+(.+)$/i);
+        if (!matched || !matched[1]) {
+            return undefined;
+        }
+        const apiKey = matched[1].trim();
+        return apiKey || undefined;
+    }
+    buildIflowSignature(userAgent, sessionId, timestamp, apiKey) {
+        if (!apiKey) {
+            return undefined;
+        }
+        const payload = `${userAgent}:${sessionId}:${timestamp}`;
+        try {
+            return createHmac('sha256', apiKey).update(payload, 'utf8').digest('hex');
+        }
+        catch {
+            return undefined;
+        }
+    }
     buildCodexIdentifier(kind, runtimeMetadata) {
         const fallbackId = runtimeMetadata?.metadata && typeof runtimeMetadata.metadata === 'object'
             ? runtimeMetadata.metadata.clientRequestId
@@ -1230,49 +1499,6 @@ export class HttpTransportProvider extends BaseProvider {
         }
         return Object.keys(normalized).length ? normalized : undefined;
     }
-    applyProviderSpecificBodyAdjustments(body) {
-        if (!body || typeof body !== 'object') {
-            return;
-        }
-        if (this.providerType === 'glm') {
-            this.trimGlmRequestMessages(body);
-        }
-    }
-    trimGlmRequestMessages(body) {
-        const container = body;
-        const rawMessages = container.messages;
-        if (!Array.isArray(rawMessages) || rawMessages.length === 0) {
-            return;
-        }
-        const messages = rawMessages;
-        for (let idx = messages.length - 1; idx >= 0; idx -= 1) {
-            const entry = messages[idx];
-            if (!entry || typeof entry !== 'object') {
-                continue;
-            }
-            if (entry.role !== 'assistant') {
-                continue;
-            }
-            const contentNode = entry.content;
-            if (typeof contentNode === 'string') {
-                continue;
-            }
-            if (contentNode === null || typeof contentNode === 'undefined') {
-                entry.content = '';
-                continue;
-            }
-            if (typeof contentNode === 'object') {
-                try {
-                    entry.content = JSON.stringify(contentNode);
-                }
-                catch {
-                    entry.content = '';
-                }
-                continue;
-            }
-            entry.content = String(contentNode);
-        }
-    }
 }
 const CODEX_IDENTIFIER_MAX_LENGTH = 64;
 //# sourceMappingURL=http-transport-provider.js.map