@jsonstudio/rcc 0.89.1968 → 0.89.2202

package/dist/providers/core/runtime/http-transport-provider.js

@@ -8,25 +8,23 @@
  *
  * 各协议具体行为（OpenAI Chat、Responses、Anthropic、Gemini 等）通过子类覆写钩子实现。
  */
-import { createHash, createHmac } from 'node:crypto';
 import { BaseProvider } from './base-provider.js';
-import { HttpClient } from '../utils/http-client.js';
-import { DynamicProfileLoader, ServiceProfileValidator } from '../config/service-profiles.js';
-import { ApiKeyAuthProvider } from '../../auth/apikey-auth.js';
-import { OAuthAuthProvider } from '../../auth/oauth-auth.js';
-import { logOAuthDebug } from '../../auth/oauth-logger.js';
-import { TokenFileAuthProvider } from '../../auth/tokenfile-auth.js';
-import { IflowCookieAuthProvider } from '../../auth/iflow-cookie-auth.js';
-import { ensureValidOAuthToken, handleUpstreamInvalidOAuthToken, shouldTriggerInteractiveOAuthRepair } from '../../auth/oauth-lifecycle.js';
-import { attachProviderSseSnapshotStream, writeProviderSnapshot } from '../utils/snapshot-writer.js';
-import { attachProviderRuntimeMetadata, extractProviderRuntimeMetadata } from './provider-runtime-metadata.js';
-import { buildVisionSnapshotPayload, shouldCaptureVisionDebug, summarizeVisionMessages } from './vision-debug-utils.js';
+import { captureVisionDebugPayloadSnapshot, logVisionDebugSummary } from './vision-debug-utils.js';
 import { OpenAIChatProtocolClient } from '../../../client/openai/chat-protocol-client.js';
 import { HttpRequestExecutor } from './http-request-executor.js';
-import { extractStatusCodeFromError } from './provider-error-classifier.js';
-import { getProviderFamilyProfile } from '../../profile/profile-registry.js';
-const isRecord = (value) => typeof value === 'object' && value !== null;
-const DEFAULT_USER_AGENT = 'codex_cli_rs/0.73.0 (Mac OS 15.6.1; arm64) iTerm.app/3.6.5';
+import { normalizeProviderHttpError } from './provider-http-executor-utils.js';
+import { RuntimeEndpointResolver } from './runtime-endpoint-resolver.js';
+import { ProviderRequestPreprocessor } from './provider-request-preprocessor.js';
+import { buildProviderRequestExecutorDeps } from './provider-request-executor-deps-factory.js';
+import { buildPostprocessedProviderResponse } from './provider-response-postprocessor.js';
+import { ServiceProfileResolver } from './service-profile-resolver.js';
+import { createTransportAuthProvider, createTransportHttpClient } from './provider-bootstrap-utils.js';
+import { createProviderRuntimeContext, resolveProviderProfileKey } from './provider-runtime-utils.js';
+import { buildProviderRequestHeaders, finalizeProviderRequestHeaders } from './provider-request-header-orchestrator.js';
+import { resolveLegacyIflowEndpoint as resolveLegacyIflowEndpointFromRequest, resolveLegacyIflowRequestBody as resolveLegacyIflowRequestBodyFromRequest, resolveProviderFamilyProfile } from './provider-family-profile-utils.js';
+import { applyProviderStreamModeHeaders, buildProviderHttpRequestBody, resolveProviderBusinessResponseError, resolveProviderRequestEndpoint, resolveProviderWantsUpstreamSse } from './provider-request-shaping-utils.js';
+// Transport submodules
+import { AuthModeUtils, RuntimeDetector } from './transport/index.js';
 export class HttpTransportProvider extends BaseProvider {
     type;
     authProvider = null;
@@ -58,7 +56,7 @@ export class HttpTransportProvider extends BaseProvider {
                 await this.authProvider.initialize();
                 const providerConfig = this.config.config;
                 const auth = providerConfig.auth;
-                const authMode = this.normalizeAuthMode(auth.type);
+                const authMode = AuthModeUtils.normalizeAuthMode(auth.type);
                 // Token 管理迁移后，OAuth 初始化交由 TokenManager/TokenDaemon 负责，
                 // 这里不再在服务器启动阶段主动跑 ensureValidOAuthToken，避免多余日志和上游调用。
                 if (authMode !== 'oauth') {
@@ -101,223 +99,40 @@ export class HttpTransportProvider extends BaseProvider {
     }
     getServiceProfile() {
         const cfg = this.config.config;
-        const profileKey = this.resolveProfileKey(cfg);
-        // Feature flag: 优先/强制使用 config-core 输出的 provider 行为字段
-        const useConfigCoreEnv = String(process.env.ROUTECODEX_USE_CONFIG_CORE_PROVIDER_DEFAULTS ||
-            process.env.RCC_USE_CONFIG_CORE_PROVIDER_DEFAULTS ||
-            '').trim().toLowerCase();
-        const forceConfigCoreDefaults = useConfigCoreEnv === '1' ||
-            useConfigCoreEnv === 'true' ||
-            useConfigCoreEnv === 'yes' ||
-            useConfigCoreEnv === 'on';
-        const baseFromCfg = (cfg.baseUrl || cfg.overrides?.baseUrl || '').trim();
-        const endpointFromCfg = (cfg.overrides?.endpoint || cfg.endpoint || '').trim();
-        const defaultModelFromCfg = (cfg.overrides?.defaultModel || cfg.defaultModel || '').trim();
-        const timeoutFromCfg = cfg.overrides?.timeout ?? cfg.timeout;
-        const maxRetriesFromCfg = cfg.overrides?.maxRetries ?? cfg.maxRetries;
-        const headersFromCfg = (cfg.overrides?.headers || cfg.headers);
-        const authCapsFromCfg = cfg.authCapabilities;
-        const hasConfigCoreProfile = !!baseFromCfg ||
-            !!endpointFromCfg ||
-            !!defaultModelFromCfg ||
-            typeof timeoutFromCfg === 'number' ||
-            typeof maxRetriesFromCfg === 'number' ||
-            !!authCapsFromCfg ||
-            !!headersFromCfg;
-        // 先从 service-profiles 取出基础 profile（用于补全缺失字段/校验）
-        const baseProfile = DynamicProfileLoader.buildServiceProfile(profileKey) ||
-            DynamicProfileLoader.buildServiceProfile(this.providerType);
-        // 如果 config-core 已提供字段，或强制要求使用 config-core，则以 config-core 为主
-        if (hasConfigCoreProfile || forceConfigCoreDefaults) {
-            if (forceConfigCoreDefaults) {
-                // 严格模式下，关键字段缺失直接 Fail Fast
-                if (!baseFromCfg) {
-                    throw new Error(`Provider config-core defaults missing baseUrl for providerId=${profileKey}`);
-                }
-                if (!endpointFromCfg && !baseProfile?.defaultEndpoint) {
-                    throw new Error(`Provider config-core defaults missing endpoint for providerId=${profileKey}`);
-                }
-            }
-            const defaultBaseUrl = baseFromCfg ||
-                baseProfile?.defaultBaseUrl ||
-                'https://api.openai.com/v1';
-            const defaultEndpoint = endpointFromCfg ||
-                baseProfile?.defaultEndpoint ||
-                '/chat/completions';
-            const defaultModel = (defaultModelFromCfg && defaultModelFromCfg.length > 0)
-                ? defaultModelFromCfg
-                : (baseProfile?.defaultModel ?? '');
-            const genericRequiredAuth = [];
-            const genericOptionalAuth = ['apikey', 'oauth'];
-            const requiredAuth = authCapsFromCfg?.required && authCapsFromCfg.required.length
-                ? authCapsFromCfg.required
-                : (baseProfile?.requiredAuth ?? genericRequiredAuth);
-            const optionalAuth = authCapsFromCfg?.optional && authCapsFromCfg.optional.length
-                ? authCapsFromCfg.optional
-                : (baseProfile?.optionalAuth ?? genericOptionalAuth);
-            const mergedHeaders = {
-                ...(baseProfile?.headers || {}),
-                ...(headersFromCfg || {})
-            };
-            const timeout = typeof timeoutFromCfg === 'number'
-                ? timeoutFromCfg
-                // 默认 Provider 请求超时时间：500s
-                : (baseProfile?.timeout ?? 500000);
-            const maxRetries = typeof maxRetriesFromCfg === 'number'
-                ? maxRetriesFromCfg
-                : (baseProfile?.maxRetries ?? 3);
-            return {
-                defaultBaseUrl,
-                defaultEndpoint,
-                defaultModel,
-                requiredAuth,
-                optionalAuth,
-                headers: mergedHeaders,
-                timeout,
-                maxRetries,
-                hooks: baseProfile?.hooks,
-                features: baseProfile?.features,
-                extensions: {
-                    ...(baseProfile?.extensions || {}),
-                    protocol: cfg.protocol || baseProfile?.extensions?.protocol
-                }
-            };
-        }
-        // 未提供 config-core provider 行为字段时，保持原有 service-profiles 行为
-        if (baseProfile) {
-            return baseProfile;
-        }
-        throw new Error(`Unknown providerType='${this.providerType}' (no service profile registered)`);
+        const profileKey = resolveProviderProfileKey({
+            moduleType: this.type,
+            providerType: this.providerType,
+            providerId: typeof cfg.providerId === 'string' ? cfg.providerId : undefined
+        });
+        return ServiceProfileResolver.resolve({
+            cfg,
+            profileKey,
+            providerType: this.providerType
+        });
     }
     createAuthProvider() {
-        const auth = this.config.config.auth;
-        const extensions = this.getConfigExtensions();
-        const authMode = this.normalizeAuthMode(auth.type);
-        this.authMode = authMode;
-        const resolvedOAuthProviderId = authMode === 'oauth'
-            ? this.ensureOAuthProviderId(auth, extensions)
-            : undefined;
-        const serviceProfileKey = this.type === 'gemini-cli-http-provider'
-            ? 'gemini-cli'
-            : (resolvedOAuthProviderId ?? this.providerType);
-        const validation = ServiceProfileValidator.validateServiceProfile(serviceProfileKey, authMode);
-        if (!validation.isValid) {
-            throw new Error(`Invalid auth configuration for ${serviceProfileKey}: ${validation.errors.join(', ')}`);
-        }
-        // 根据认证类型创建对应的认证提供者
-        if (authMode === 'apikey') {
-            const rawTypeValue = typeof auth.rawType === 'string'
-                ? String(auth.rawType)
-                : typeof auth.type === 'string'
-                    ? String(auth.type)
-                    : '';
-            const rawType = rawTypeValue.toLowerCase();
-            const providerId = typeof (this.config.config.providerId) === 'string'
-                ? this.config.config.providerId.toLowerCase()
-                : '';
-            const baseUrl = typeof this.config.config.baseUrl === 'string'
-                ? this.config.config.baseUrl.toLowerCase()
-                : '';
-            const isIflowFamily = providerId === 'iflow' ||
-                baseUrl.includes('apis.iflow.cn') ||
-                baseUrl.includes('iflow.cn');
-            // iFlow Cookie 模式：使用浏览器导出的 Cookie 交换 API Key，避免频繁走 OAuth。
-            if (isIflowFamily &&
-                (rawType === 'iflow-cookie' ||
-                    (!(auth.apiKey) &&
-                        (typeof auth.cookie === 'string' ||
-                            typeof auth.cookieFile === 'string')))) {
-                return new IflowCookieAuthProvider(auth);
-            }
-            return new ApiKeyAuthProvider(auth);
-        }
-        else if (authMode === 'oauth') {
-            const oauthAuth = auth;
-            const oauthProviderId = resolvedOAuthProviderId ?? serviceProfileKey;
-            this.oauthProviderId = oauthProviderId;
-            const familyProfile = getProviderFamilyProfile({
-                providerId: this.config.config.providerId,
-                providerType: this.providerType,
-                oauthProviderId
-            });
-            const profileTokenFileMode = familyProfile?.resolveOAuthTokenFileMode?.({
-                oauthProviderId,
-                auth: {
-                    clientId: oauthAuth.clientId,
-                    tokenUrl: oauthAuth.tokenUrl,
-                    deviceCodeUrl: oauthAuth.deviceCodeUrl
-                },
-                moduleType: this.type
-            });
-            // For providers like Qwen/iflow/Gemini CLI where public OAuth client may not be available,
-            // allow reading tokens produced by external login tools (CLIProxyAPI) via token file.
-            const useTokenFile = (typeof profileTokenFileMode === 'boolean'
-                ? profileTokenFileMode
-                : (oauthProviderId === 'qwen' ||
-                    oauthProviderId === 'iflow' ||
-                    this.type === 'gemini-cli-http-provider')) &&
-                !oauthAuth.clientId &&
-                !oauthAuth.tokenUrl &&
-                !oauthAuth.deviceCodeUrl;
-            if (useTokenFile) {
-                // Keep TokenFileAuthProvider pure: do not infer providerId from type/rawType.
-                // The creator already knows oauthProviderId and must pass it explicitly.
-                return new TokenFileAuthProvider({ ...oauthAuth, oauthProviderId });
-            }
-            return new OAuthAuthProvider(oauthAuth, oauthProviderId);
-        }
-        else {
-            throw new Error(`Unsupported auth type: ${auth.type}`);
-        }
+        const authBootstrap = createTransportAuthProvider({
+            config: this.config,
+            providerType: this.providerType,
+            moduleType: this.type,
+            serviceProfile: this.serviceProfile,
+            extensions: this.config.config.extensions && typeof this.config.config.extensions === 'object'
+                ? this.config.config.extensions
+                : undefined
+        });
+        this.authMode = authBootstrap.authMode;
+        this.oauthProviderId = authBootstrap.oauthProviderId;
+        return authBootstrap.authProvider;
     }
     createHttpClient() {
-        const profile = this.serviceProfile;
-        const effectiveBase = this.getEffectiveBaseUrl();
-        const envTimeout = Number(process.env.ROUTECODEX_PROVIDER_TIMEOUT_MS || process.env.RCC_PROVIDER_TIMEOUT_MS || NaN);
-        const effectiveTimeout = Number.isFinite(envTimeout) && envTimeout > 0
-            ? envTimeout
-            // 默认 Provider 请求超时时间：500s（可被 env / overrides 覆盖）
-            : (this.config.config.overrides?.timeout ?? profile.timeout ?? 500000);
-        const envRetries = Number(process.env.ROUTECODEX_PROVIDER_RETRIES || process.env.RCC_PROVIDER_RETRIES || NaN);
-        const effectiveRetries = Number.isFinite(envRetries) && envRetries >= 0
-            ? envRetries
-            : (this.config.config.overrides?.maxRetries ?? profile.maxRetries ?? 3);
-        const overrideHeaders = this.config.config.overrides?.headers ||
-            this.config.config.headers ||
-            undefined;
-        const envStreamIdleTimeoutMs = Number(process.env.ROUTECODEX_PROVIDER_STREAM_IDLE_TIMEOUT_MS ||
-            process.env.RCC_PROVIDER_STREAM_IDLE_TIMEOUT_MS ||
-            NaN);
-        const normalizedStreamIdleTimeoutMs = Number.isFinite(envStreamIdleTimeoutMs) && envStreamIdleTimeoutMs > 0
-            ? envStreamIdleTimeoutMs
-            : (typeof this.config.config.overrides?.streamIdleTimeoutMs === 'number' &&
-                Number.isFinite(this.config.config.overrides.streamIdleTimeoutMs)
-                ? this.config.config.overrides.streamIdleTimeoutMs
-                : undefined);
-        const envStreamHeadersTimeoutMs = Number(process.env.ROUTECODEX_PROVIDER_STREAM_HEADERS_TIMEOUT_MS ||
-            process.env.RCC_PROVIDER_STREAM_HEADERS_TIMEOUT_MS ||
-            NaN);
-        const normalizedStreamHeadersTimeoutMs = Number.isFinite(envStreamHeadersTimeoutMs) && envStreamHeadersTimeoutMs > 0
-            ? envStreamHeadersTimeoutMs
-            : (typeof this.config.config.overrides?.streamHeadersTimeoutMs === 'number' &&
-                Number.isFinite(this.config.config.overrides.streamHeadersTimeoutMs)
-                ? this.config.config.overrides.streamHeadersTimeoutMs
-                : undefined);
-        this.httpClient = new HttpClient({
-            baseUrl: effectiveBase,
-            timeout: effectiveTimeout,
-            maxRetries: effectiveRetries,
-            streamIdleTimeoutMs: normalizedStreamIdleTimeoutMs ?? profile.streamIdleTimeoutMs,
-            streamHeadersTimeoutMs: normalizedStreamHeadersTimeoutMs ?? profile.streamHeadersTimeoutMs,
-            defaultHeaders: {
-                'Content-Type': 'application/json',
-                ...(profile.headers || {}),
-                ...(overrideHeaders || {}),
-            }
+        this.httpClient = createTransportHttpClient({
+            config: this.config,
+            serviceProfile: this.serviceProfile,
+            effectiveBaseUrl: this.getEffectiveBaseUrl()
         });
     }
     createRequestExecutorDeps() {
-        return {
+        return buildProviderRequestExecutorDeps({
             wantsUpstreamSse: this.wantsUpstreamSse.bind(this),
             getEffectiveEndpoint: () => this.getEffectiveEndpoint(),
             resolveRequestEndpoint: this.resolveRequestEndpoint.bind(this),
@@ -328,121 +143,32 @@ export class HttpTransportProvider extends BaseProvider {
             getBaseUrlCandidates: this.getBaseUrlCandidates.bind(this),
             buildHttpRequestBody: this.buildHttpRequestBody.bind(this),
             prepareSseRequestBody: this.prepareSseRequestBody.bind(this),
-            getEntryEndpointFromPayload: this.getEntryEndpointFromPayload.bind(this),
-            getClientRequestIdFromContext: this.getClientRequestIdFromContext.bind(this),
             wrapUpstreamSseResponse: this.wrapUpstreamSseResponse.bind(this),
-            getHttpRetryLimit: () => this.getHttpRetryLimit(),
-            shouldRetryHttpError: this.shouldRetryHttpError.bind(this),
-            delayBeforeHttpRetry: this.delayBeforeHttpRetry.bind(this),
-            tryRecoverOAuthAndReplay: this.tryRecoverOAuthAndReplay.bind(this),
             resolveBusinessResponseError: this.resolveProfileBusinessResponseError.bind(this),
-            normalizeHttpError: this.normalizeHttpError.bind(this)
-        };
+            normalizeHttpError: this.normalizeHttpError.bind(this),
+            authProvider: this.authProvider,
+            oauthProviderId: this.oauthProviderId,
+            providerType: this.providerType,
+            config: this.config,
+            httpClient: this.httpClient
+        });
     }
     async preprocessRequest(request) {
         const context = this.createProviderContext();
         const runtimeMetadata = context.runtimeMetadata;
-        const headersFromRequest = this.normalizeClientHeaders(request?.metadata?.clientHeaders);
-        const headersFromRuntime = this.normalizeClientHeaders(runtimeMetadata?.metadata && typeof runtimeMetadata.metadata === 'object'
-            ? runtimeMetadata.metadata.clientHeaders
-            : undefined);
-        const effectiveClientHeaders = headersFromRequest ?? headersFromRuntime;
-        if (effectiveClientHeaders) {
-            if (runtimeMetadata) {
-                if (!runtimeMetadata.metadata || typeof runtimeMetadata.metadata !== 'object') {
-                    runtimeMetadata.metadata = {};
-                }
-                runtimeMetadata.metadata.clientHeaders = effectiveClientHeaders;
-            }
-        }
-        const ensureRuntimeMetadata = (payload) => {
-            if (!runtimeMetadata || !payload || typeof payload !== 'object') {
-                return;
-            }
-            attachProviderRuntimeMetadata(payload, runtimeMetadata);
-        };
-        // 初始请求预处理
         this.getRuntimeProfile();
-        const processedRequest = { ...request };
-        ensureRuntimeMetadata(processedRequest);
-        // 记录入站原始模型，便于响应阶段还原（不影响上游请求体）
-        try {
-            const requestCarrier = request;
-            const inboundModel = typeof requestCarrier?.model === 'string' ? requestCarrier.model : undefined;
-            const entryEndpoint = typeof requestCarrier?.metadata?.entryEndpoint === 'string'
-                ? requestCarrier.metadata.entryEndpoint
-                : requestCarrier?.entryEndpoint;
-            const streamFlag = typeof requestCarrier?.metadata?.stream === 'boolean'
-                ? requestCarrier.metadata.stream
-                : requestCarrier?.stream;
-            const processedMetadata = processedRequest.metadata ?? {};
-            processedRequest.metadata = {
-                ...processedMetadata,
-                ...(entryEndpoint ? { entryEndpoint } : {}),
-                ...(typeof streamFlag === 'boolean' ? { stream: !!streamFlag } : {}),
-                ...(effectiveClientHeaders ? { clientHeaders: effectiveClientHeaders } : {}),
-                __origModel: inboundModel
-            };
-        }
-        catch { /* ignore */ }
-        this.logVisionDebug('preprocess', processedRequest);
-        await this.captureVisionDebugSnapshot('provider-preprocess-debug', processedRequest);
+        const processedRequest = ProviderRequestPreprocessor.preprocess(request, runtimeMetadata);
+        logVisionDebugSummary('preprocess', processedRequest);
+        await captureVisionDebugPayloadSnapshot('provider-preprocess-debug', processedRequest);
         return processedRequest;
     }
     async postprocessResponse(response, context) {
         this.getRuntimeProfile();
-        const processingTime = Date.now() - context.startTime;
-        const processedResponse = response;
-        const originalRecord = this.asResponseRecord(response);
-        const processedRecord = this.asResponseRecord(processedResponse);
-        const sseStream = processedRecord.__sse_responses ||
-            processedRecord.data?.__sse_responses;
-        if (sseStream) {
-            return { __sse_responses: sseStream };
-        }
-        return {
-            data: processedRecord.data || processedResponse,
-            status: processedRecord.status ?? originalRecord.status,
-            headers: processedRecord.headers || originalRecord.headers,
-            metadata: {
-                requestId: context.requestId,
-                processingTime,
-                providerType: this.providerType,
-                // 对外暴露的 model 统一为入站模型
-                model: context.model ?? this.extractModel(processedRecord) ?? this.extractModel(originalRecord),
-                usage: this.extractUsage(processedRecord) ?? this.extractUsage(originalRecord)
-            }
-        };
-    }
-    logVisionDebug(stage, payload) {
-        const debug = shouldCaptureVisionDebug(payload);
-        if (!debug.enabled) {
-            return;
-        }
-        const summary = summarizeVisionMessages(payload);
-        const label = debug.routeName ?? 'vision';
-        console.debug(`[vision-debug][${stage}] route=${label} request=${debug.requestId ?? '-'} ${summary}`);
-    }
-    async captureVisionDebugSnapshot(stage, payload) {
-        const debug = shouldCaptureVisionDebug(payload);
-        if (!debug.enabled || !debug.requestId) {
-            return;
-        }
-        try {
-            const metadataNode = payload?.metadata;
-            const entryEndpoint = metadataNode && typeof metadataNode === 'object' && typeof metadataNode.entryEndpoint === 'string'
-                ? metadataNode.entryEndpoint
-                : undefined;
-            await writeProviderSnapshot({
-                phase: stage,
-                requestId: debug.requestId,
-                data: buildVisionSnapshotPayload(payload),
-                entryEndpoint
-            });
-        }
-        catch {
-            // snapshot is best-effort; ignore failures
-        }
+        return buildPostprocessedProviderResponse({
+            response,
+            context,
+            providerType: this.providerType
+        });
     }
     async sendRequestInternal(request) {
         const context = this.createProviderContext();
@@ -450,39 +176,30 @@ export class HttpTransportProvider extends BaseProvider {
     }
     wantsUpstreamSse(request, context) {
         const runtimeMetadata = context.runtimeMetadata ?? this.getCurrentRuntimeMetadata();
-        const familyProfile = this.resolveFamilyProfile(runtimeMetadata);
-        const profileResolved = familyProfile?.resolveStreamIntent?.({
+        return resolveProviderWantsUpstreamSse({
             request,
             context,
-            runtimeMetadata
+            runtimeMetadata,
+            familyProfile: this.resolveFamilyProfile(runtimeMetadata)
         });
-        return typeof profileResolved === 'boolean' ? profileResolved : false;
     }
     applyStreamModeHeaders(headers, wantsSse) {
-        const normalized = { ...headers };
-        const acceptKey = Object.keys(normalized).find((key) => key.toLowerCase() === 'accept');
-        // 上游 Accept 必须由我们“上游是否走 SSE”来决定；不能透传客户端的 SSE Accept。
-        // 否则会出现 “Accept: text/event-stream 但 body 无 stream 标记” 的组合（部分上游会返回 406）。
-        if (acceptKey) {
-            delete normalized[acceptKey];
-        }
-        normalized['Accept'] = wantsSse ? 'text/event-stream' : 'application/json';
         const runtimeMetadata = this.getCurrentRuntimeMetadata();
-        const familyProfile = this.resolveFamilyProfile(runtimeMetadata);
-        const profileHeaders = familyProfile?.applyStreamModeHeaders?.({
-            headers: normalized,
+        return applyProviderStreamModeHeaders({
+            headers,
             wantsSse,
-            runtimeMetadata
+            runtimeMetadata,
+            familyProfile: this.resolveFamilyProfile(runtimeMetadata)
         });
-        if (profileHeaders && typeof profileHeaders === 'object') {
-            return profileHeaders;
-        }
-        return normalized;
     }
     prepareSseRequestBody(body, context) {
         const runtimeMetadata = context?.runtimeMetadata ?? this.getCurrentRuntimeMetadata();
         const familyProfile = this.resolveFamilyProfile(runtimeMetadata);
-        const effectiveContext = context ?? this.createProviderContext();
+        const effectiveContext = context ?? createProviderRuntimeContext({
+            runtime: this.getCurrentRuntimeMetadata(),
+            serviceProfile: this.serviceProfile,
+            providerType: this.providerType
+        });
         familyProfile?.prepareStreamBody?.({
             body,
             context: effectiveContext,
@@ -502,332 +219,97 @@ export class HttpTransportProvider extends BaseProvider {
             return false;
         }
     }
-    getHttpRetryLimit() {
-        // Provider 层禁止重复尝试；失败后由虚拟路由负责 failover。
-        return 1;
-    }
-    async delayBeforeHttpRetry(attempt) {
-        const delay = Math.min(500 * attempt, 2000);
-        await new Promise((resolve) => setTimeout(resolve, delay));
-    }
-    shouldRetryHttpError(error, attempt, maxAttempts) {
-        if (attempt >= maxAttempts) {
-            return false;
-        }
-        const normalized = error;
-        const statusCode = extractStatusCodeFromError(normalized);
-        if (statusCode && statusCode >= 500) {
-            return true;
-        }
-        return false;
-    }
-    async tryRecoverOAuthAndReplay(error, requestInfo, processedRequest, captureSse, context) {
-        try {
-            const providerAuth = this.config.config.auth;
-            const authRawType = typeof providerAuth.rawType === 'string'
-                ? String(providerAuth.rawType).trim().toLowerCase()
-                : '';
-            const isDeepSeekAccount = authRawType === 'deepseek-account';
-            if (isDeepSeekAccount) {
-                const statusCode = extractStatusCodeFromError(error);
-                const authProvider = this.authProvider;
-                if (statusCode === 401 && authProvider?.refreshCredentials) {
-                    await authProvider.refreshCredentials();
-                    const retryHeaders = await this.buildRequestHeaders();
-                    let finalRetryHeaders = await this.finalizeRequestHeaders(retryHeaders, processedRequest);
-                    finalRetryHeaders = this.applyStreamModeHeaders(finalRetryHeaders, requestInfo.wantsSse);
-                    if (requestInfo.wantsSse) {
-                        const upstreamStream = await this.httpClient.postStream(requestInfo.targetUrl, requestInfo.body, finalRetryHeaders);
-                        const streamForHost = captureSse
-                            ? attachProviderSseSnapshotStream(upstreamStream, {
-                                requestId: context.requestId,
-                                headers: finalRetryHeaders,
-                                url: requestInfo.targetUrl,
-                                entryEndpoint: requestInfo.entryEndpoint,
-                                clientRequestId: requestInfo.clientRequestId,
-                                providerKey: context.providerKey,
-                                providerId: context.providerId,
-                                extra: { retry: true, authRefresh: true }
-                            })
-                            : upstreamStream;
-                        return await this.wrapUpstreamSseResponse(streamForHost, context);
-                    }
-                    const response = await this.httpClient.post(requestInfo.targetUrl, requestInfo.body, finalRetryHeaders);
-                    return response;
-                }
-                return undefined;
-            }
-            if (this.normalizeAuthMode(providerAuth.type) !== 'oauth') {
-                return undefined;
-            }
-            const shouldRetry = await handleUpstreamInvalidOAuthToken(this.oauthProviderId || this.providerType, providerAuth, error, 
-            // Never block server requests waiting for interactive OAuth.
-            // The repair flow (if needed) will run in background and Virtual Router should failover immediately.
-            { allowBlocking: false });
-            if (!shouldRetry) {
-                return undefined;
-            }
-            const retryHeaders = await this.buildRequestHeaders();
-            let finalRetryHeaders = await this.finalizeRequestHeaders(retryHeaders, processedRequest);
-            finalRetryHeaders = this.applyStreamModeHeaders(finalRetryHeaders, requestInfo.wantsSse);
-            if (requestInfo.wantsSse) {
-                const upstreamStream = await this.httpClient.postStream(requestInfo.targetUrl, requestInfo.body, finalRetryHeaders);
-                const streamForHost = captureSse
-                    ? attachProviderSseSnapshotStream(upstreamStream, {
-                        requestId: context.requestId,
-                        headers: finalRetryHeaders,
-                        url: requestInfo.targetUrl,
-                        entryEndpoint: requestInfo.entryEndpoint,
-                        clientRequestId: requestInfo.clientRequestId,
-                        providerKey: context.providerKey,
-                        providerId: context.providerId,
-                        extra: { retry: true }
-                    })
-                    : upstreamStream;
-                const wrapped = await this.wrapUpstreamSseResponse(streamForHost, context);
-                if (!captureSse) {
-                    try {
-                        await writeProviderSnapshot({
-                            phase: 'provider-response',
-                            requestId: context.requestId,
-                            data: { mode: 'sse', retry: true },
-                            headers: finalRetryHeaders,
-                            url: requestInfo.targetUrl,
-                            entryEndpoint: requestInfo.entryEndpoint,
-                            clientRequestId: requestInfo.clientRequestId,
-                            providerKey: context.providerKey,
-                            providerId: context.providerId
-                        });
-                    }
-                    catch { /* non-blocking */ }
-                }
-                return wrapped;
-            }
-            const response = await this.httpClient.post(requestInfo.targetUrl, requestInfo.body, finalRetryHeaders);
-            try {
-                await writeProviderSnapshot({
-                    phase: 'provider-response',
-                    requestId: context.requestId,
-                    data: response,
-                    headers: finalRetryHeaders,
-                    url: requestInfo.targetUrl,
-                    entryEndpoint: requestInfo.entryEndpoint,
-                    clientRequestId: requestInfo.clientRequestId,
-                    providerKey: context.providerKey,
-                    providerId: context.providerId
-                });
-            }
-            catch { /* non-blocking */ }
-            return response;
-        }
-        catch {
-            return undefined;
-        }
-    }
     async normalizeHttpError(error, processedRequest, requestInfo, context) {
-        const normalized = error;
-        try {
-            const statusCode = extractStatusCodeFromError(normalized);
-            if (statusCode && !Number.isNaN(statusCode)) {
-                normalized.statusCode = statusCode;
-                if (!normalized.status) {
-                    normalized.status = statusCode;
-                }
-                if (!normalized.code) {
-                    normalized.code = `HTTP_${statusCode}`;
-                }
-            }
-            if (!normalized.response) {
-                normalized.response = {};
-            }
-            if (!normalized.response.data) {
-                normalized.response.data = {};
-            }
-            if (!normalized.response.data.error) {
-                normalized.response.data.error = {};
-            }
-            if (normalized.code && !normalized.response.data.error.code) {
-                normalized.response.data.error.code = normalized.code;
-            }
-            if (normalized.message && !normalized.response.data.error.message) {
-                normalized.response.data.error.message = normalized.message;
-            }
-        }
-        catch {
-            /* ignore */
-        }
-        try {
-            await writeProviderSnapshot({
-                phase: 'provider-error',
-                requestId: context.requestId,
-                data: {
-                    status: normalized?.statusCode ?? normalized?.status ?? null,
-                    code: normalized?.code ?? null,
-                    error: typeof normalized?.message === 'string' ? normalized.message : String(error || '')
-                },
-                headers: requestInfo.headers,
-                url: requestInfo.targetUrl,
-                entryEndpoint: requestInfo.entryEndpoint ?? this.getEntryEndpointFromPayload(processedRequest),
-                clientRequestId: requestInfo.clientRequestId ?? this.getClientRequestIdFromContext(context),
-                providerKey: context.providerKey,
-                providerId: context.providerId
-            });
-        }
-        catch { /* non-blocking */ }
-        return normalized;
+        return normalizeProviderHttpError({
+            error,
+            processedRequest,
+            requestInfo,
+            context
+        });
     }
     resolveProfileBusinessResponseError(response, context) {
         const runtimeMetadata = context.runtimeMetadata ?? this.getCurrentRuntimeMetadata();
-        const familyProfile = this.resolveFamilyProfile(runtimeMetadata);
-        if (!familyProfile?.resolveBusinessResponseError) {
-            return undefined;
-        }
-        return familyProfile.resolveBusinessResponseError({
+        return resolveProviderBusinessResponseError({
             response,
-            runtimeMetadata
+            runtimeMetadata,
+            familyProfile: this.resolveFamilyProfile(runtimeMetadata)
         });
     }
     /**
      * 为特定请求确定最终 endpoint（默认使用配置值，可由子类覆写）
      */
     resolveRequestEndpoint(request, defaultEndpoint) {
-        const protocolResolvedEndpoint = this.protocolClient.resolveEndpoint(request, defaultEndpoint);
         const runtimeMetadata = this.getCurrentRuntimeMetadata();
-        const familyProfile = this.resolveFamilyProfile(runtimeMetadata);
-        const profileResolvedEndpoint = familyProfile?.resolveEndpoint?.({
+        return resolveProviderRequestEndpoint({
             request,
-            defaultEndpoint: protocolResolvedEndpoint,
-            runtimeMetadata
+            defaultEndpoint,
+            protocolClient: this.protocolClient,
+            runtimeMetadata,
+            familyProfile: this.resolveFamilyProfile(runtimeMetadata),
+            legacyEndpoint: this.resolveLegacyIflowEndpoint(request)
         });
-        if (typeof profileResolvedEndpoint === 'string' && profileResolvedEndpoint.trim()) {
-            return profileResolvedEndpoint.trim();
-        }
-        const legacyEndpoint = this.resolveLegacyIflowEndpoint(request);
-        if (legacyEndpoint) {
-            return legacyEndpoint;
-        }
-        return protocolResolvedEndpoint;
     }
     /**
      * 构造最终发送到上游的请求体，默认实现包含模型/令牌治理，可由子类覆写
      */
     buildHttpRequestBody(request) {
         const runtimeMetadata = this.getCurrentRuntimeMetadata();
-        const familyProfile = this.resolveFamilyProfile(runtimeMetadata);
-        const defaultBody = this.protocolClient.buildRequestBody(request);
-        const profileBody = familyProfile?.buildRequestBody?.({
+        return buildProviderHttpRequestBody({
             request,
-            defaultBody,
-            runtimeMetadata
+            protocolClient: this.protocolClient,
+            runtimeMetadata,
+            familyProfile: this.resolveFamilyProfile(runtimeMetadata),
+            legacyBody: this.resolveLegacyIflowRequestBody(request)
         });
-        if (profileBody && typeof profileBody === 'object') {
-            return profileBody;
-        }
-        const legacyBody = this.resolveLegacyIflowRequestBody(request);
-        if (legacyBody && typeof legacyBody === 'object') {
-            return legacyBody;
-        }
-        return defaultBody;
     }
     resolveFamilyProfile(runtimeMetadata) {
-        const targetNode = runtimeMetadata?.target && typeof runtimeMetadata.target === 'object'
-            ? runtimeMetadata.target
-            : undefined;
-        const normalize = (value) => {
-            if (typeof value !== 'string') {
-                return undefined;
-            }
-            const normalized = value.trim().toLowerCase();
-            return normalized.length ? normalized : undefined;
-        };
-        return getProviderFamilyProfile({
-            providerFamily: normalize(runtimeMetadata?.providerFamily) ??
-                normalize(this.getRuntimeProfile()?.providerFamily),
-            providerId: normalize(runtimeMetadata?.providerId) ??
-                normalize(targetNode?.providerId) ??
-                normalize(this.config?.config?.providerId),
-            providerKey: normalize(runtimeMetadata?.providerKey) ??
-                normalize(targetNode?.providerKey) ??
-                normalize(this.getRuntimeProfile()?.providerKey),
-            providerType: normalize(runtimeMetadata?.providerType) ??
-                normalize(targetNode?.providerType) ??
-                normalize(this.config?.config?.providerType) ??
-                normalize(this.providerType),
-            oauthProviderId: normalize(this.oauthProviderId)
+        return resolveProviderFamilyProfile({
+            runtimeMetadata,
+            runtimeProfile: this.getRuntimeProfile(),
+            configProviderId: this.config?.config?.providerId,
+            configProviderType: this.config?.config?.providerType,
+            providerType: this.providerType,
+            oauthProviderId: this.oauthProviderId
         });
     }
-    isIflowWebSearchRequest(request) {
-        const metadata = request.metadata;
-        if (!metadata || typeof metadata !== 'object') {
-            return false;
-        }
-        const flag = metadata.iflowWebSearch;
-        return flag === true;
-    }
     resolveLegacyIflowEndpoint(request) {
-        if (!this.isIflowTransportRuntime(this.getCurrentRuntimeMetadata())) {
-            return undefined;
-        }
-        if (!this.isIflowWebSearchRequest(request)) {
-            return undefined;
-        }
-        const metadata = request.metadata;
-        const endpoint = metadata && typeof metadata.entryEndpoint === 'string'
-            ? (metadata.entryEndpoint || '').trim()
-            : '';
-        return endpoint || '/chat/retrieve';
+        return resolveLegacyIflowEndpointFromRequest({
+            request,
+            isIflowRuntime: this.isIflowTransportRuntime(this.getCurrentRuntimeMetadata())
+        });
     }
     resolveLegacyIflowRequestBody(request) {
-        if (!this.isIflowTransportRuntime(this.getCurrentRuntimeMetadata())) {
-            return undefined;
-        }
-        if (!this.isIflowWebSearchRequest(request)) {
-            return undefined;
-        }
-        const data = request.data;
-        if (data && typeof data === 'object') {
-            return data;
-        }
-        return {};
+        return resolveLegacyIflowRequestBodyFromRequest({
+            request,
+            isIflowRuntime: this.isIflowTransportRuntime(this.getCurrentRuntimeMetadata())
+        });
     }
     /**
      * 允许子类在 Hook 运行完后对头部做最终调整
      */
     async finalizeRequestHeaders(headers, request) {
-        const finalized = await this.protocolClient.finalizeHeaders(headers, request);
         const runtimeMetadata = this.getCurrentRuntimeMetadata();
-        const familyProfile = this.resolveFamilyProfile(runtimeMetadata);
-        const profileResolvedUa = await familyProfile?.resolveUserAgent?.({
-            uaFromConfig: this.findHeaderValue(finalized, 'User-Agent'),
-            uaFromService: undefined,
-            inboundUserAgent: undefined,
-            defaultUserAgent: DEFAULT_USER_AGENT,
-            runtimeMetadata
-        });
-        if (typeof profileResolvedUa === 'string' && profileResolvedUa.trim()) {
-            this.assignHeader(finalized, 'User-Agent', profileResolvedUa.trim());
-        }
-        const profileAdjustedHeaders = familyProfile?.applyRequestHeaders?.({
-            headers: finalized,
+        return finalizeProviderRequestHeaders({
+            headers,
             request,
+            finalizeHeaders: (baseHeaders, req) => this.protocolClient.finalizeHeaders(baseHeaders, req),
             runtimeMetadata,
-            isCodexUaMode: this.isCodexUaMode()
+            familyProfile: this.resolveFamilyProfile(runtimeMetadata),
+            providerType: this.providerType,
+            isIflow: this.isIflowTransportRuntime(runtimeMetadata)
         });
-        if (profileAdjustedHeaders && typeof profileAdjustedHeaders === 'object') {
-            return profileAdjustedHeaders;
-        }
-        if (this.isIflowTransportRuntime(runtimeMetadata)) {
-            this.enforceIflowCliHeaders(finalized);
-        }
-        return finalized;
     }
     // 私有方法
     validateConfig() {
         const profile = this.serviceProfile;
         const cfg = this.config.config;
-        const profileKey = this.resolveProfileKey(cfg);
+        const profileKey = resolveProviderProfileKey({
+            moduleType: this.type,
+            providerType: this.providerType,
+            providerId: typeof cfg.providerId === 'string' ? cfg.providerId : undefined
+        });
         const auth = this.config.config.auth;
-        const authMode = this.normalizeAuthMode(auth.type);
+        const authMode = AuthModeUtils.normalizeAuthMode(auth.type);
         // 验证认证类型
         const supportedAuthTypes = [...profile.requiredAuth, ...profile.optionalAuth];
         if (!supportedAuthTypes.includes(authMode)) {
@@ -835,670 +317,73 @@ export class HttpTransportProvider extends BaseProvider {
                 `Supported types: ${supportedAuthTypes.join(', ')}`);
         }
     }
-    buildRequestUrl() {
-        const baseUrl = this.getEffectiveBaseUrl();
-        const endpoint = this.getEffectiveEndpoint();
-        return `${baseUrl}${endpoint}`;
-    }
     async buildRequestHeaders() {
-        const baseHeaders = {
-            'Content-Type': 'application/json'
-        };
         const runtimeMetadata = this.getCurrentRuntimeMetadata();
-        const inboundMetadata = runtimeMetadata?.metadata;
-        const inboundUserAgent = typeof inboundMetadata?.userAgent === 'string' && inboundMetadata.userAgent.trim()
-            ? inboundMetadata.userAgent.trim()
-            : undefined;
-        const inboundOriginator = typeof inboundMetadata?.clientOriginator === 'string' && inboundMetadata.clientOriginator.trim()
-            ? inboundMetadata.clientOriginator.trim()
-            : undefined;
-        const inboundClientHeaders = this.extractClientHeaders(runtimeMetadata);
-        const normalizedClientHeaders = this.normalizeCodexClientHeaders(inboundClientHeaders);
         const isAntigravity = this.isAntigravityTransportRuntime(runtimeMetadata);
-        // 服务特定头部
-        const serviceHeaders = this.serviceProfile.headers || {};
-        // 配置覆盖头部
-        const overrideHeaders = this.config.config.overrides?.headers || {};
         const runtimeHeaders = this.getRuntimeProfile()?.headers || {};
-        // ========== 风控增强：添加 Google 客户端标识和元数据 ==========
-        if (this.isGeminiFamilyTransport() && !isAntigravity) {
-            // Google 客户端标识
-            this.assignHeader(baseHeaders, 'X-Goog-Api-Client', 'gl-node/22.17.0');
-            // 客户端元数据
-            const clientMetadata = this.buildClientMetadata(runtimeMetadata);
-            if (clientMetadata) {
-                this.assignHeader(baseHeaders, 'Client-Metadata', clientMetadata);
-            }
-            // Accept 编码
-            this.assignHeader(baseHeaders, 'Accept-Encoding', 'gzip, deflate, br');
-            // Accept 类型（用于流式响应）
-            const isStreaming = runtimeMetadata?.streaming === true;
-            this.assignHeader(baseHeaders, 'Accept', isStreaming ? 'text/event-stream' : 'application/json');
-        }
-        // OAuth：请求前确保令牌有效（提前刷新）
-        try {
-            const auth = this.config.config.auth;
-            if (this.normalizeAuthMode(auth.type) === 'oauth') {
-                const oauthAuth = auth;
-                const oauthProviderId = this.oauthProviderId || this.ensureOAuthProviderId(oauthAuth);
-                logOAuthDebug('[OAuth] [headers] ensureValid start (silent refresh only)');
-                try {
-                    // 请求前仅尝试静默刷新，不主动打开浏览器；
-                    // 真正令牌失效由 handleUpstreamInvalidOAuthToken 触发交互式修复。
-                    await ensureValidOAuthToken(oauthProviderId, oauthAuth, {
-                        forceReacquireIfRefreshFails: false,
-                        openBrowser: false,
-                        forceReauthorize: false
-                    });
-                    logOAuthDebug('[OAuth] [headers] ensureValid OK');
-                }
-                catch (error) {
-                    const err = error;
-                    const msg = err?.message ? String(err.message) : String(error);
-                    const authErr = (error instanceof Error ? error : new Error(msg));
-                    const needsInteractiveRepair = shouldTriggerInteractiveOAuthRepair(oauthProviderId, authErr);
-                    if (needsInteractiveRepair) {
-                        if (typeof authErr.statusCode !== 'number' && typeof authErr.status !== 'number') {
-                            authErr.statusCode = 401;
-                            authErr.status = 401;
-                        }
-                        if (typeof authErr.code !== 'string' || !authErr.code.trim()) {
-                            authErr.code = 'AUTH_INVALID_TOKEN';
-                        }
-                        // 非阻塞：后台触发修复，不等待本请求。
-                        void handleUpstreamInvalidOAuthToken(oauthProviderId, oauthAuth, authErr, {
-                            allowBlocking: false
-                        }).catch(() => {
-                            // ignore background repair errors
-                        });
-                        authErr.__routecodexAuthPreflightFatal = true;
-                        throw authErr;
-                    }
-                    // 非认证类的 ensureValid 错误只做日志，避免影响正常流量。
-                    logOAuthDebug(`[OAuth] [headers] ensureValid skipped: ${msg}`);
-                }
-                try {
-                    this.authProvider.getOAuthClient?.()?.loadToken?.();
-                }
-                catch {
-                    // ignore
-                }
-            }
-        }
-        catch (error) {
-            if (error &&
-                typeof error === 'object' &&
-                error.__routecodexAuthPreflightFatal === true) {
-                throw error;
-            }
-            // bubble up in authHeaders build below
-        }
-        // 认证头部（如为 OAuth，若当前无有效 token 则尝试拉取/刷新一次再取 headers）
-        const providerAuth = this.config.config.auth;
-        const authRawType = typeof providerAuth.rawType === 'string'
-            ? String(providerAuth.rawType).trim().toLowerCase()
-            : '';
-        if (authRawType === 'deepseek-account' && this.authProvider?.validateCredentials) {
-            await this.authProvider.validateCredentials();
-        }
-        let authHeaders = {};
-        authHeaders = this.authProvider?.buildHeaders() || {};
-        const finalHeaders = {
-            ...baseHeaders,
-            ...serviceHeaders,
-            ...overrideHeaders,
-            ...runtimeHeaders,
-            ...authHeaders
-        };
-        // 保留客户端 Accept；无则默认为 application/json
-        const clientAccept = normalizedClientHeaders ? this.findHeaderValue(normalizedClientHeaders, 'Accept') : undefined;
-        if (clientAccept) {
-            this.assignHeader(finalHeaders, 'Accept', clientAccept);
-        }
-        else if (!this.findHeaderValue(finalHeaders, 'Accept')) {
-            this.assignHeader(finalHeaders, 'Accept', 'application/json');
-        }
-        // Header priority:
-        // - user/provider config (overrides/runtime) wins
-        // - otherwise inherit from inbound client headers
-        // - otherwise fall back to defaults
-        const uaFromConfig = this.findHeaderValue({ ...overrideHeaders, ...runtimeHeaders }, 'User-Agent');
-        const uaFromService = this.findHeaderValue(serviceHeaders, 'User-Agent');
-        // iFlow 特例：部分模型（例如 glm-4.7）对 UA 有强约束，必须模拟 iFlow CLI。
-        // 因此对 iflow：service/profile 的 UA 优先级应高于 inbound client userAgent，
-        // 否则客户端 UA 会把模拟头部冲掉，触发 HTTP 200 + status=435 "Model not support"。
+        const isGeminiFamily = this.isGeminiFamilyTransport();
         const isIflow = this.isIflowTransportRuntime(runtimeMetadata);
-        const familyProfile = this.resolveFamilyProfile(runtimeMetadata);
-        const profileResolvedUa = await familyProfile?.resolveUserAgent?.({
-            uaFromConfig,
-            uaFromService,
-            inboundUserAgent,
-            defaultUserAgent: DEFAULT_USER_AGENT,
-            runtimeMetadata
+        return buildProviderRequestHeaders({
+            config: this.config.config,
+            authProvider: this.authProvider,
+            oauthProviderId: this.oauthProviderId,
+            serviceProfile: this.serviceProfile,
+            runtimeMetadata,
+            runtimeHeaders,
+            familyProfile: this.resolveFamilyProfile(runtimeMetadata),
+            isGeminiFamily,
+            isAntigravity,
+            isIflow,
+            providerType: this.providerType
         });
-        const resolvedUa = profileResolvedUa ?? (isIflow
-            ? (uaFromConfig ?? uaFromService ?? inboundUserAgent ?? DEFAULT_USER_AGENT)
-            : (uaFromConfig ?? inboundUserAgent ?? uaFromService ?? DEFAULT_USER_AGENT));
-        this.assignHeader(finalHeaders, 'User-Agent', resolvedUa);
-        // originator: do not invent one; only forward from config or inbound client.
-        // gcli2api alignment: Gemini-family upstreams do not expect/need originator; avoid leaking client identifiers.
-        if (!this.isGeminiFamilyTransport()) {
-            const originatorFromConfig = this.findHeaderValue({ ...overrideHeaders, ...runtimeHeaders }, 'originator');
-            const originatorFromService = this.findHeaderValue(serviceHeaders, 'originator');
-            const resolvedOriginator = originatorFromConfig ?? inboundOriginator ?? originatorFromService;
-            if (resolvedOriginator) {
-                this.assignHeader(finalHeaders, 'originator', resolvedOriginator);
-            }
-        }
-        if (!isAntigravity && normalizedClientHeaders) {
-            const conversationId = this.findHeaderValue(normalizedClientHeaders, 'conversation_id');
-            if (conversationId) {
-                this.assignHeader(finalHeaders, 'conversation_id', conversationId);
-            }
-            const sessionId = this.findHeaderValue(normalizedClientHeaders, 'session_id');
-            if (sessionId) {
-                this.assignHeader(finalHeaders, 'session_id', sessionId);
-            }
-        }
-        // Inbound metadata may already carry parsed session identifiers (e.g. when client sends
-        // metadata.sessionId / metadata.conversationId instead of headers). Inject them only
-        // if not already provided by config/runtime headers or inbound client headers.
-        if (!isAntigravity && inboundMetadata && typeof inboundMetadata === 'object') {
-            const meta = inboundMetadata;
-            const metaSessionId = typeof meta.sessionId === 'string' && meta.sessionId.trim() ? meta.sessionId.trim() : '';
-            const metaConversationId = typeof meta.conversationId === 'string' && meta.conversationId.trim() ? meta.conversationId.trim() : '';
-            const resolvedSessionId = metaSessionId || metaConversationId;
-            const resolvedConversationId = metaConversationId || metaSessionId;
-            if (resolvedSessionId && !this.findHeaderValue(finalHeaders, 'session_id')) {
-                this.assignHeader(finalHeaders, 'session_id', resolvedSessionId);
-            }
-            if (resolvedConversationId && !this.findHeaderValue(finalHeaders, 'conversation_id')) {
-                this.assignHeader(finalHeaders, 'conversation_id', resolvedConversationId);
-            }
-        }
-        const codexUaMode = this.isCodexUaMode();
-        if (!isAntigravity && codexUaMode) {
-            this.ensureCodexSessionHeaders(finalHeaders, runtimeMetadata);
-        }
-        if (isAntigravity) {
-            this.deleteHeader(finalHeaders, 'session_id');
-            this.deleteHeader(finalHeaders, 'conversation_id');
-        }
-        if (isIflow) {
-            this.enforceIflowCliHeaders(finalHeaders);
-        }
-        return finalHeaders;
-    }
-    isCodexUaMode() {
-        const raw = process.env.ROUTECODEX_UA_MODE ??
-            process.env.RCC_UA_MODE ??
-            '';
-        const normalized = typeof raw === 'string' ? raw.trim().toLowerCase() : '';
-        const runtime = this.getCurrentRuntimeMetadata();
-        if (!runtime) {
-            return false;
-        }
-        const providerType = runtime.providerType || this.providerType;
-        const entryEndpoint = this.getEntryEndpointFromRuntime(runtime);
-        // 显式 UA 模式（--codex / --ua codex）：对所有 provider 激活
-        if (normalized === 'codex') {
-            return true;
-        }
-        // 隐式模式：未显式设置 UA 时，仅在 responses provider 且入口不是 /v1/responses 时激活
-        if (providerType === 'responses' && entryEndpoint) {
-            const lowered = entryEndpoint.trim().toLowerCase();
-            if (!lowered.includes('/responses')) {
-                return true;
-            }
-        }
-        return false;
-    }
-    normalizeCodexClientHeaders(headers) {
-        if (!headers) {
-            return undefined;
-        }
-        if (!this.isCodexUaMode()) {
-            return headers;
-        }
-        const normalizedHeaders = { ...headers };
-        this.copyHeaderValue(normalizedHeaders, headers, 'anthropic-session-id', 'session_id');
-        this.copyHeaderValue(normalizedHeaders, headers, 'anthropic-conversation-id', 'conversation_id');
-        this.copyHeaderValue(normalizedHeaders, headers, 'anthropic-user-agent', 'User-Agent');
-        this.copyHeaderValue(normalizedHeaders, headers, 'anthropic-originator', 'originator');
-        return normalizedHeaders;
-    }
-    copyHeaderValue(target, source, from, to) {
-        if (this.findHeaderValue(target, to)) {
-            return;
-        }
-        const value = this.findHeaderValue(source, from);
-        if (value) {
-            target[to] = value;
-        }
-    }
-    findHeaderValue(headers, target) {
-        const lowered = typeof target === 'string' ? target.toLowerCase() : '';
-        if (!lowered) {
-            return undefined;
-        }
-        const normalizedTarget = this.normalizeHeaderKey(lowered);
-        for (const [key, value] of Object.entries(headers)) {
-            if (typeof value !== 'string') {
-                continue;
-            }
-            const trimmed = value.trim();
-            if (!trimmed) {
-                continue;
-            }
-            const loweredKey = key.toLowerCase();
-            if (loweredKey === lowered) {
-                return trimmed;
-            }
-            if (this.normalizeHeaderKey(loweredKey) === normalizedTarget) {
-                return trimmed;
-            }
-        }
-        return undefined;
-    }
-    normalizeHeaderKey(value) {
-        if (!value) {
-            return '';
-        }
-        return value.replace(/[\s_-]+/g, '');
-    }
-    assignHeader(headers, target, value) {
-        if (!value || !value.trim()) {
-            return;
-        }
-        const lowered = target.toLowerCase();
-        for (const key of Object.keys(headers)) {
-            if (key.toLowerCase() === lowered) {
-                headers[key] = value;
-                return;
-            }
-        }
-        headers[target] = value;
-    }
-    deleteHeader(headers, target) {
-        const lowered = typeof target === 'string' ? target.toLowerCase() : '';
-        if (!lowered) {
-            return;
-        }
-        const normalizedTarget = this.normalizeHeaderKey(lowered);
-        for (const key of Object.keys(headers)) {
-            const loweredKey = key.toLowerCase();
-            if (loweredKey === lowered) {
-                delete headers[key];
-                continue;
-            }
-            if (this.normalizeHeaderKey(loweredKey) === normalizedTarget) {
-                delete headers[key];
-            }
-        }
-    }
-    ensureCodexSessionHeaders(headers, runtimeMetadata) {
-        this.setHeaderIfMissing(headers, 'session_id', this.buildCodexIdentifier('session', runtimeMetadata));
-        this.setHeaderIfMissing(headers, 'conversation_id', this.buildCodexIdentifier('conversation', runtimeMetadata));
-    }
-    setHeaderIfMissing(headers, target, value) {
-        if (this.findHeaderValue(headers, target)) {
-            return;
-        }
-        this.assignHeader(headers, target, value);
-    }
-    enforceIflowCliHeaders(headers) {
-        const resolvedSessionId = this.findHeaderValue(headers, 'session-id') ??
-            this.findHeaderValue(headers, 'session_id') ??
-            '';
-        const resolvedConversationId = this.findHeaderValue(headers, 'conversation-id') ??
-            this.findHeaderValue(headers, 'conversation_id') ??
-            resolvedSessionId;
-        if (resolvedSessionId) {
-            this.assignHeader(headers, 'session-id', resolvedSessionId);
-        }
-        if (resolvedConversationId) {
-            this.assignHeader(headers, 'conversation-id', resolvedConversationId);
-        }
-        const bearerApiKey = this.extractBearerApiKey(headers);
-        if (!bearerApiKey) {
-            return;
-        }
-        const userAgent = this.findHeaderValue(headers, 'User-Agent') ?? 'iFlow-Cli';
-        const timestamp = Date.now().toString();
-        const signature = this.buildIflowSignature(userAgent, resolvedSessionId, timestamp, bearerApiKey);
-        if (!signature) {
-            return;
-        }
-        this.assignHeader(headers, 'x-iflow-timestamp', timestamp);
-        this.assignHeader(headers, 'x-iflow-signature', signature);
-    }
-    extractBearerApiKey(headers) {
-        const authorization = this.findHeaderValue(headers, 'Authorization');
-        if (!authorization) {
-            return undefined;
-        }
-        const matched = authorization.match(/^Bearer\s+(.+)$/i);
-        if (!matched || !matched[1]) {
-            return undefined;
-        }
-        const apiKey = matched[1].trim();
-        return apiKey || undefined;
-    }
-    buildIflowSignature(userAgent, sessionId, timestamp, apiKey) {
-        if (!apiKey) {
-            return undefined;
-        }
-        const payload = `${userAgent}:${sessionId}:${timestamp}`;
-        try {
-            return createHmac('sha256', apiKey).update(payload, 'utf8').digest('hex');
-        }
-        catch {
-            return undefined;
-        }
-    }
-    buildCodexIdentifier(kind, runtimeMetadata) {
-        const fallbackId = runtimeMetadata?.metadata && typeof runtimeMetadata.metadata === 'object'
-            ? runtimeMetadata.metadata.clientRequestId
-            : undefined;
-        const requestId = runtimeMetadata?.requestId ?? fallbackId;
-        const routeName = runtimeMetadata?.routeName;
-        const suffix = (requestId ?? `req-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`)
-            .toString()
-            .replace(/[^A-Za-z0-9_-]/g, '_');
-        const parts = ['codex_cli', kind, suffix];
-        if (routeName) {
-            parts.push(routeName.replace(/[^A-Za-z0-9_-]/g, '_'));
-        }
-        return this.enforceCodexIdentifierLength(parts.join('_'));
     }
     isAntigravityTransportRuntime(runtimeMetadata) {
-        const fromConfig = typeof this.config?.config?.providerId === 'string' && this.config.config.providerId.trim()
-            ? this.config.config.providerId.trim().toLowerCase()
-            : '';
-        const fromRuntime = typeof runtimeMetadata?.providerId === 'string' && runtimeMetadata.providerId.trim()
-            ? runtimeMetadata.providerId.trim().toLowerCase()
-            : '';
-        const fromProviderKey = typeof runtimeMetadata?.providerKey === 'string' && runtimeMetadata.providerKey.trim()
-            ? runtimeMetadata.providerKey.trim().toLowerCase()
-            : '';
-        const fromOAuth = typeof this.oauthProviderId === 'string' ? this.oauthProviderId.trim().toLowerCase() : '';
-        if (fromConfig === 'antigravity' || fromRuntime === 'antigravity' || fromOAuth === 'antigravity') {
-            return true;
-        }
-        if (fromProviderKey.startsWith('antigravity.')) {
-            return true;
-        }
-        return false;
+        return this.getRuntimeDetector().isAntigravity(runtimeMetadata);
     }
     isIflowTransportRuntime(runtimeMetadata) {
-        const fromConfig = typeof this.config?.config?.providerId === 'string' && this.config.config.providerId.trim()
-            ? this.config.config.providerId.trim().toLowerCase()
-            : '';
-        const fromRuntime = typeof runtimeMetadata?.providerId === 'string' && runtimeMetadata.providerId.trim()
-            ? runtimeMetadata.providerId.trim().toLowerCase()
-            : '';
-        const fromProviderKey = typeof runtimeMetadata?.providerKey === 'string' && runtimeMetadata.providerKey.trim()
-            ? runtimeMetadata.providerKey.trim().toLowerCase()
-            : '';
-        const fromOAuth = typeof this.oauthProviderId === 'string' ? this.oauthProviderId.trim().toLowerCase() : '';
-        if (fromConfig === 'iflow' || fromRuntime === 'iflow' || fromOAuth === 'iflow') {
-            return true;
-        }
-        if (fromProviderKey.startsWith('iflow.')) {
-            return true;
-        }
-        return false;
-    }
-    enforceCodexIdentifierLength(value) {
-        if (value.length <= CODEX_IDENTIFIER_MAX_LENGTH) {
-            return value;
-        }
-        const hash = createHash('sha256').update(value).digest('hex').slice(0, 10);
-        const keep = Math.max(1, CODEX_IDENTIFIER_MAX_LENGTH - hash.length - 1);
-        return `${value.slice(0, keep)}_${hash}`;
+        return this.getRuntimeDetector().isIflow(runtimeMetadata);
     }
     getEffectiveBaseUrl() {
-        const runtime = this.getRuntimeProfile();
-        const runtimeEndpoint = this.pickRuntimeBaseUrl(runtime);
-        return (runtimeEndpoint ||
-            runtime?.baseUrl ||
-            this.config.config.overrides?.baseUrl ||
-            this.config.config.baseUrl ||
-            this.serviceProfile.defaultBaseUrl);
+        const cfg = this.config.config;
+        const profileKey = resolveProviderProfileKey({
+            moduleType: this.type,
+            providerType: this.providerType,
+            providerId: typeof cfg.providerId === 'string' ? cfg.providerId : undefined
+        });
+        return RuntimeEndpointResolver.resolveEffectiveBaseUrl({
+            runtime: this.getRuntimeProfile(),
+            overrideBaseUrl: this.config.config.overrides?.baseUrl,
+            configBaseUrl: this.config.config.baseUrl,
+            serviceDefaultBaseUrl: this.serviceProfile.defaultBaseUrl,
+            profileKey,
+            providerType: this.providerType
+        });
     }
     getBaseUrlCandidates(_context) {
         return undefined;
     }
     getEffectiveEndpoint() {
-        const runtime = this.getRuntimeProfile();
-        const runtimeEndpoint = runtime?.endpoint && !this.looksLikeAbsoluteUrl(runtime.endpoint)
-            ? runtime.endpoint
-            : undefined;
-        return (runtimeEndpoint ||
-            this.config.config.overrides?.endpoint ||
-            this.serviceProfile.defaultEndpoint);
-    }
-    pickRuntimeBaseUrl(runtime) {
-        if (!runtime) {
-            return undefined;
-        }
-        if (typeof runtime.baseUrl === 'string' && runtime.baseUrl.trim()) {
-            return runtime.baseUrl.trim();
-        }
-        if (typeof runtime.endpoint === 'string' && this.looksLikeAbsoluteUrl(runtime.endpoint)) {
-            return runtime.endpoint.trim();
-        }
-        return undefined;
-    }
-    looksLikeAbsoluteUrl(value) {
-        if (!value) {
-            return false;
-        }
-        const trimmed = value.trim();
-        return /^https?:\/\//i.test(trimmed) || trimmed.startsWith('//');
-    }
-    // （工具自动修复辅助函数已删除）
-    getConfigExtensions() {
-        const extensions = this.config.config.extensions;
-        return extensions && typeof extensions === 'object'
-            ? extensions
-            : {};
-    }
-    getEntryEndpointFromPayload(payload) {
-        const runtimeMeta = extractProviderRuntimeMetadata(payload);
-        const metadata = (runtimeMeta && typeof runtimeMeta.metadata === 'object')
-            ? runtimeMeta.metadata
-            : payload.metadata;
-        if (metadata && typeof metadata.entryEndpoint === 'string' && metadata.entryEndpoint.trim()) {
-            return metadata.entryEndpoint;
-        }
-        return undefined;
-    }
-    getEntryEndpointFromRuntime(runtime) {
-        if (!runtime || !runtime.metadata || typeof runtime.metadata !== 'object') {
-            return undefined;
-        }
-        const meta = runtime.metadata;
-        const value = meta.entryEndpoint;
-        return typeof value === 'string' && value.trim().length ? value : undefined;
-    }
-    asResponseRecord(value) {
-        if (isRecord(value)) {
-            return value;
-        }
-        return {};
-    }
-    extractModel(record) {
-        if (typeof record.model === 'string' && record.model.trim()) {
-            return record.model;
-        }
-        if (record.data && typeof record.data.model === 'string' && record.data.model.trim()) {
-            return record.data.model;
-        }
-        return undefined;
-    }
-    extractUsage(record) {
-        if (record.usage && typeof record.usage === 'object') {
-            return record.usage;
-        }
-        if (record.data && record.data.usage && typeof record.data.usage === 'object') {
-            return record.data.usage;
-        }
-        return undefined;
-    }
-    getClientRequestIdFromContext(context) {
-        const fromMetadata = this.extractClientId(context.metadata);
-        if (fromMetadata) {
-            return fromMetadata;
-        }
-        const runtimeMeta = context.runtimeMetadata?.metadata;
-        return this.extractClientId(runtimeMeta);
-    }
-    extractClientId(source) {
-        if (!source || typeof source !== 'object') {
-            return undefined;
-        }
-        const value = source.clientRequestId;
-        if (typeof value === 'string' && value.trim().length) {
-            return value.trim();
-        }
-        return undefined;
+        return RuntimeEndpointResolver.resolveEffectiveEndpoint({
+            runtime: this.getRuntimeProfile(),
+            overrideEndpoint: this.config.config.overrides?.endpoint,
+            serviceDefaultEndpoint: this.serviceProfile.defaultEndpoint
+        });
     }
     createProviderContext() {
-        const runtime = this.getCurrentRuntimeMetadata();
-        return {
-            requestId: runtime?.requestId || `req_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`,
-            providerType: runtime?.providerType || this.providerType,
-            startTime: Date.now(),
-            profile: this.serviceProfile,
-            routeName: runtime?.routeName,
-            providerId: runtime?.providerId,
-            providerKey: runtime?.providerKey,
-            providerProtocol: runtime?.providerProtocol,
-            metadata: runtime?.metadata,
-            target: runtime?.target,
-            runtimeMetadata: runtime,
-            pipelineId: runtime?.pipelineId
-        };
-    }
-    resolveProfileKey(config) {
-        if (this.type === 'gemini-cli-http-provider') {
-            return 'gemini-cli';
-        }
-        const direct = typeof config?.providerId === 'string' && config.providerId.trim()
-            ? config.providerId.trim().toLowerCase()
-            : '';
-        return direct || this.providerType;
-    }
-    normalizeAuthMode(type) {
-        return typeof type === 'string' && type.toLowerCase().includes('oauth') ? 'oauth' : 'apikey';
-    }
-    resolveOAuthProviderId(type) {
-        if (typeof type !== 'string') {
-            return undefined;
-        }
-        const match = type.toLowerCase().match(/^([a-z0-9._-]+)-oauth$/);
-        return match ? match[1] : undefined;
-    }
-    ensureOAuthProviderId(auth, extensions) {
-        const fromExtension = typeof extensions?.oauthProviderId === 'string' && extensions.oauthProviderId.trim()
-            ? extensions.oauthProviderId.trim()
-            : undefined;
-        if (fromExtension) {
-            return fromExtension;
-        }
-        const fromAuthField = typeof auth?.oauthProviderId === 'string' && auth.oauthProviderId.trim()
-            ? auth.oauthProviderId.trim()
-            : undefined;
-        if (fromAuthField) {
-            return fromAuthField;
-        }
-        const providerId = this.resolveOAuthProviderId(auth?.rawType ?? auth?.type);
-        if (providerId) {
-            return providerId;
-        }
-        const fallback = this.resolveOAuthProviderId(auth?.type);
-        if (fallback) {
-            return fallback;
-        }
-        throw new Error(`OAuth auth.type must be declared as "<provider>-oauth" (received ${typeof auth?.rawType === 'string' ? auth.rawType : auth?.type ?? 'unknown'})`);
-    }
-    ensureOAuthProviderIdLegacy(type) {
-        const providerId = this.resolveOAuthProviderId(type);
-        if (!providerId) {
-            throw new Error(`OAuth auth.type must be declared as "<provider>-oauth" (received ${typeof type === 'string' ? type : 'unknown'})`);
-        }
-        return providerId;
-    }
-    extractClientHeaders(source) {
-        const normalize = (value) => {
-            return this.normalizeClientHeaders(value);
-        };
-        if (!source || typeof source !== 'object') {
-            return undefined;
-        }
-        const candidates = [];
-        const metadataNode = source.metadata;
-        if (metadataNode && typeof metadataNode === 'object') {
-            const headersNode = metadataNode.clientHeaders;
-            if (headersNode) {
-                candidates.push(headersNode);
-            }
-        }
-        const directNode = source.clientHeaders;
-        if (directNode) {
-            candidates.push(directNode);
-        }
-        for (const candidate of candidates) {
-            const normalized = normalize(candidate);
-            if (normalized) {
-                return normalized;
-            }
-        }
-        return undefined;
-    }
-    /**
-     * 构建客户端元数据（用于风控和调试）
-     */
-    buildClientMetadata(runtimeMetadata) {
-        // Keep this string stable and minimal to match gcli2api snapshots.
-        // Avoid embedding client identifiers (originator/session) into upstream headers.
-        return 'ideType=IDE_UNSPECIFIED,platform=PLATFORM_UNSPECIFIED,pluginType=GEMINI';
-    }
-    /**
-     * 构建请求类型（用于区分不同类型的请求）
-     */
-    buildRequestType(runtimeMetadata) {
-        const model = runtimeMetadata?.target;
-        const modelId = model?.clientModelId || '';
-        // 根据模型名称判断请求类型
-        if (modelId.includes('image') || modelId.includes('imagen')) {
-            return 'image_gen';
-        }
-        // 默认为 agent 类型
-        return 'agent';
+        return createProviderRuntimeContext({
+            runtime: this.getCurrentRuntimeMetadata(),
+            serviceProfile: this.serviceProfile,
+            providerType: this.providerType
+        });
     }
     /**
      * 检查是否为 Gemini 系列传输
      */
     isGeminiFamilyTransport() {
-        const providerType = this.providerType.toLowerCase();
-        return providerType === 'gemini' ||
-            providerType === 'gemini-cli' ||
-            providerType === 'antigravity';
+        return this.getRuntimeDetector().isGeminiFamily();
     }
-    normalizeClientHeaders(value) {
-        if (!value || typeof value !== 'object') {
-            return undefined;
-        }
-        const normalized = {};
-        for (const [key, raw] of Object.entries(value)) {
-            if (typeof raw === 'string' && raw.trim()) {
-                normalized[key] = raw;
-            }
-        }
-        return Object.keys(normalized).length ? normalized : undefined;
+    getRuntimeDetector() {
+        return new RuntimeDetector(this.config, this.providerType, this.oauthProviderId);
     }
 }
-const CODEX_IDENTIFIER_MAX_LENGTH = 64;
 //# sourceMappingURL=http-transport-provider.js.map