npm - @jsonstudio/rcc - Versions diffs - 0.89.1968 → 0.89.2202 - Mend

@jsonstudio/rcc 0.89.1968 → 0.89.2202

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/dist/providers/core/runtime/transport/session-header-utils.js ADDED Viewed

@@ -0,0 +1,72 @@
+import { createHash } from 'node:crypto';
+import { CODEX_IDENTIFIER_MAX_LENGTH } from '../../../../constants/index.js';
+import { HeaderUtils } from './header-utils.js';
+import { ProviderPayloadUtils } from './provider-payload-utils.js';
+export class SessionHeaderUtils {
+    static normalizeCodexClientHeaders(headers, codexUaMode) {
+        if (!headers) {
+            return undefined;
+        }
+        if (!codexUaMode) {
+            return headers;
+        }
+        const normalizedHeaders = { ...headers };
+        HeaderUtils.copyHeaderValue(normalizedHeaders, headers, 'anthropic-session-id', 'session_id');
+        HeaderUtils.copyHeaderValue(normalizedHeaders, headers, 'anthropic-conversation-id', 'conversation_id');
+        HeaderUtils.copyHeaderValue(normalizedHeaders, headers, 'anthropic-user-agent', 'User-Agent');
+        HeaderUtils.copyHeaderValue(normalizedHeaders, headers, 'anthropic-originator', 'originator');
+        return normalizedHeaders;
+    }
+    static ensureCodexSessionHeaders(headers, runtimeMetadata) {
+        HeaderUtils.setHeaderIfMissing(headers, 'session_id', SessionHeaderUtils.buildCodexIdentifier('session', runtimeMetadata));
+        HeaderUtils.setHeaderIfMissing(headers, 'conversation_id', SessionHeaderUtils.buildCodexIdentifier('conversation', runtimeMetadata));
+    }
+    static extractClientHeaders(source) {
+        if (!source || typeof source !== 'object') {
+            return undefined;
+        }
+        const candidates = [];
+        const metadataNode = source.metadata;
+        if (metadataNode && typeof metadataNode === 'object') {
+            const headersNode = metadataNode.clientHeaders;
+            if (headersNode) {
+                candidates.push(headersNode);
+            }
+        }
+        const directNode = source.clientHeaders;
+        if (directNode) {
+            candidates.push(directNode);
+        }
+        for (const candidate of candidates) {
+            const normalized = ProviderPayloadUtils.normalizeClientHeaders(candidate);
+            if (normalized) {
+                return normalized;
+            }
+        }
+        return undefined;
+    }
+    static buildCodexIdentifier(kind, runtimeMetadata) {
+        const fallbackId = runtimeMetadata?.metadata && typeof runtimeMetadata.metadata === 'object'
+            ? runtimeMetadata.metadata.clientRequestId
+            : undefined;
+        const requestId = runtimeMetadata?.requestId ?? fallbackId;
+        const routeName = runtimeMetadata?.routeName;
+        const suffix = (requestId ?? `req-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`)
+            .toString()
+            .replace(/[^A-Za-z0-9_-]/g, '_');
+        const parts = ['codex_cli', kind, suffix];
+        if (routeName) {
+            parts.push(routeName.replace(/[^A-Za-z0-9_-]/g, '_'));
+        }
+        return SessionHeaderUtils.enforceCodexIdentifierLength(parts.join('_'));
+    }
+    static enforceCodexIdentifierLength(value) {
+        if (value.length <= CODEX_IDENTIFIER_MAX_LENGTH) {
+            return value;
+        }
+        const hash = createHash('sha256').update(value).digest('hex').slice(0, 10);
+        const keep = Math.max(1, CODEX_IDENTIFIER_MAX_LENGTH - hash.length - 1);
+        return `${value.slice(0, keep)}_${hash}`;
+    }
+}
+//# sourceMappingURL=session-header-utils.js.map

package/dist/providers/core/runtime/transport/session-header-utils.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session-header-utils.js","sourceRoot":"","sources":["../../../../../src/providers/core/runtime/transport/session-header-utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,2BAA2B,EAAE,MAAM,gCAAgC,CAAC;AAC7E,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AAEnE,MAAM,OAAO,kBAAkB;IAC7B,MAAM,CAAC,2BAA2B,CAChC,OAA2C,EAC3C,WAAoB;QAEpB,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,MAAM,iBAAiB,GAAG,EAAE,GAAG,OAAO,EAAE,CAAC;QACzC,WAAW,CAAC,eAAe,CAAC,iBAAiB,EAAE,OAAO,EAAE,sBAAsB,EAAE,YAAY,CAAC,CAAC;QAC9F,WAAW,CAAC,eAAe,CAAC,iBAAiB,EAAE,OAAO,EAAE,2BAA2B,EAAE,iBAAiB,CAAC,CAAC;QACxG,WAAW,CAAC,eAAe,CAAC,iBAAiB,EAAE,OAAO,EAAE,sBAAsB,EAAE,YAAY,CAAC,CAAC;QAC9F,WAAW,CAAC,eAAe,CAAC,iBAAiB,EAAE,OAAO,EAAE,sBAAsB,EAAE,YAAY,CAAC,CAAC;QAC9F,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IAED,MAAM,CAAC,yBAAyB,CAC9B,OAA+B,EAC/B,eAAyC;QAEzC,WAAW,CAAC,kBAAkB,CAAC,OAAO,EAAE,YAAY,EAAE,kBAAkB,CAAC,oBAAoB,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC,CAAC;QAC3H,WAAW,CAAC,kBAAkB,CAC5B,OAAO,EACP,iBAAiB,EACjB,kBAAkB,CAAC,oBAAoB,CAAC,cAAc,EAAE,eAAe,CAAC,CACzE,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,oBAAoB,CACzB,MAA0D;QAE1D,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC1C,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,UAAU,GAAc,EAAE,CAAC;QACjC,MAAM,YAAY,GAAI,MAAiC,CAAC,QAAQ,CAAC;QACjE,IAAI,YAAY,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,WAAW,GAAI,YAAwC,CAAC,aAAa,CAAC;YAC5E,IAAI,WAAW,EAAE,CAAC;gBAChB,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;QACD,MAAM,UAAU,GAAI,MAAsC,CAAC,aAAa,CAAC;QACzE,IAAI,UAAU,EAAE,CAAC;YACf,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC9B,CAAC;QACD,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,MAAM,UAAU,GAAG,oBAAoB,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;YAC1E,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO,UAAU,CAAC;YACpB,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,MAAM,CAAC,oBAAoB,CACjC,IAAgC,EAChC,eAAyC;QAEzC,MAAM,UAAU,GAAG,eAAe,EAAE,QAAQ,IAAI,OAAO,eAAe,CAAC,QAAQ,KAAK,QAAQ;YAC1F,CAAC,CAAE,eAAe,CAAC,QAAoC,CAAC,eAAe;YACvE,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,SAAS,GAAG,eAAe,EAAE,SAAS,IAAI,UAAU,CAAC;QAC3D,MAAM,SAAS,GAAG,eAAe,EAAE,SAAS,CAAC;QAC7C,MAAM,MAAM,GAAG,CAAC,SAAS,IAAI,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;aACxF,QAAQ,EAAE;aACV,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,CAAC,WAAW,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAC1C,IAAI,SAAS,EAAE,CAAC;YACd,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,kBAAkB,CAAC,4BAA4B,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1E,CAAC;IAEO,MAAM,CAAC,4BAA4B,CAAC,KAAa;QACvD,IAAI,KAAK,CAAC,MAAM,IAAI,2BAA2B,EAAE,CAAC;YAChD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC3E,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,2BAA2B,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACxE,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;IAC3C,CAAC;CACF"}

package/dist/providers/core/runtime/vision-debug-utils.d.ts CHANGED Viewed

@@ -10,4 +10,6 @@ export declare function shouldCaptureVisionDebug(source?: UnknownObject, fallbac
 };
 export declare function summarizeVisionMessages(source?: UnknownObject): string;
 export declare function buildVisionSnapshotPayload(payload: UnknownObject, extras?: Record<string, unknown>): Record<string, unknown>;
+export declare function logVisionDebugSummary(stage: string, payload: UnknownObject): void;
+export declare function captureVisionDebugPayloadSnapshot(stage: 'provider-preprocess-debug' | 'provider-body-debug', payload: UnknownObject): Promise<void>;
 export {};

package/dist/providers/core/runtime/vision-debug-utils.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import { extractProviderRuntimeMetadata } from './provider-runtime-metadata.js';
+import { writeProviderSnapshot } from '../utils/snapshot-writer.js';
 const DEBUG_ENV_KEY = 'ROUTECODEX_VISION_DEBUG';
 const truthyValues = new Set(['1', 'true', 'yes']);
 function visionDebugEnabled() {
@@ -111,4 +112,34 @@ export function buildVisionSnapshotPayload(payload, extras) {
     }
     return snapshot;
 }
+export function logVisionDebugSummary(stage, payload) {
+    const debug = shouldCaptureVisionDebug(payload);
+    if (!debug.enabled) {
+        return;
+    }
+    const summary = summarizeVisionMessages(payload);
+    const label = debug.routeName ?? 'vision';
+    console.debug(`[vision-debug][${stage}] route=${label} request=${debug.requestId ?? '-'} ${summary}`);
+}
+export async function captureVisionDebugPayloadSnapshot(stage, payload) {
+    const debug = shouldCaptureVisionDebug(payload);
+    if (!debug.enabled || !debug.requestId) {
+        return;
+    }
+    try {
+        const metadataNode = payload.metadata;
+        const entryEndpoint = metadataNode && typeof metadataNode === 'object' && typeof metadataNode.entryEndpoint === 'string'
+            ? metadataNode.entryEndpoint
+            : undefined;
+        await writeProviderSnapshot({
+            phase: stage,
+            requestId: debug.requestId,
+            data: buildVisionSnapshotPayload(payload),
+            entryEndpoint
+        });
+    }
+    catch {
+        // snapshot is best-effort only
+    }
+}
 //# sourceMappingURL=vision-debug-utils.js.map

package/dist/providers/core/runtime/vision-debug-utils.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"vision-debug-utils.js","sourceRoot":"","sources":["../../../../src/providers/core/runtime/vision-debug-utils.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAC;~~AAEhF~~,MAAM,aAAa,GAAG,yBAAyB,CAAC;AAEhD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AAEnD,SAAS,kBAAkB;IACzB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,OAAO,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;AACtC,CAAC;AAOD,MAAM,UAAU,wBAAwB,CACtC,MAAsB,EACtB,QAAwB;IAExB,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;QAC1B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC5B,CAAC;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC7E,MAAM,SAAS,GAAG,CAAC,QAAQ,EAAE,SAAS,IAAI,QAAQ,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACnF,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC3B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC5B,CAAC;IACD,MAAM,SAAS,GAAG,QAAQ,EAAE,SAAS,IAAI,QAAQ,EAAE,SAAS,CAAC;IAC7D,OAAO;QACL,OAAO,EAAE,IAAI;QACb,SAAS,EAAE,QAAQ,EAAE,SAAS,IAAI,QAAQ,EAAE,SAAS,IAAI,QAAQ;QACjE,SAAS;KACV,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAI,KAAQ;IAC5B,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAM,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,MAAsB;IAC1C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1C,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,MAAM,GAAG,MAAiC,CAAC;IACjD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnC,OAAO,MAAM,CAAC,QAAqB,CAAC;IACtC,CAAC;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC;IAC7B,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC7C,MAAM,QAAQ,GAAI,QAAoC,CAAC,QAAQ,CAAC;QAChE,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,OAAO,QAAqB,CAAC;QAC/B,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,MAAsB;IAC5D,MAAM,QAAQ,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACtC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QAClC,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC5C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC7B,SAAS;QACX,CAAC;QACD,MAAM,IAAI,GAAG,OAAQ,OAAmC,CAAC,IAAI,KAAK,QAAQ;YACxE,CAAC,CAAG,OAAmC,CAAC,IAAe;YACvD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;QACZ,MAAM,OAAO,GAAI,OAAmC,CAAC,OAAO,CAAC;QAC7D,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAChC,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,CAAC;YAC5B,SAAS;QACX,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;gBACjC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACtC,OAAO,OAAO,IAAI,CAAC;gBACrB,CAAC;gBACD,MAAM,SAAS,GAAI,IAAgC,CAAC,IAAI,CAAC;gBACzD,OAAO,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;YAC9D,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC,CAAC;YACrD,SAAS;QACX,CAAC;QACD,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC3C,MAAM,SAAS,GAAI,OAAmC,CAAC,IAAI,CAAC;YAC5D,MAAM,KAAK,GAAG,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;YACnE,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC;YAChC,SAAS;QACX,CAAC;QACD,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC9C,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,QAAQ,CAAC,CAAC;YAC7B,SAAS;QACX,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,OAAO,OAAO,EAAE,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,0BAA0B,CACxC,OAAsB,EACtB,MAAgC;IAEhC,MAAM,QAAQ,GAA4B;QACxC,OAAO,EAAE,uBAAuB,CAAC,OAAO,CAAC;KAC1C,CAAC;IACF,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAClC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,QAAQ,CAAC,OAAO,GAAG,MAAM,CAAC;IAC5B,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,YAAY,GAAG,gBAAgB,CAAC;IAC3C,CAAC;IACD,IAAI,MAAM,EAAE,CAAC;QACX,QAAQ,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC;IAChD,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}
1	+ {"version":3,"file":"vision-debug-utils.js","sourceRoot":"","sources":["../../../../src/providers/core/runtime/vision-debug-utils.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAC;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAEpE,MAAM,aAAa,GAAG,yBAAyB,CAAC;AAEhD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AAEnD,SAAS,kBAAkB;IACzB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IACvC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,OAAO,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;AACtC,CAAC;AAOD,MAAM,UAAU,wBAAwB,CACtC,MAAsB,EACtB,QAAwB;IAExB,IAAI,CAAC,kBAAkB,EAAE,EAAE,CAAC;QAC1B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC5B,CAAC;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC7E,MAAM,SAAS,GAAG,CAAC,QAAQ,EAAE,SAAS,IAAI,QAAQ,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACnF,IAAI,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC3B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC5B,CAAC;IACD,MAAM,SAAS,GAAG,QAAQ,EAAE,SAAS,IAAI,QAAQ,EAAE,SAAS,CAAC;IAC7D,OAAO;QACL,OAAO,EAAE,IAAI;QACb,SAAS,EAAE,QAAQ,EAAE,SAAS,IAAI,QAAQ,EAAE,SAAS,IAAI,QAAQ;QACjE,SAAS;KACV,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAI,KAAQ;IAC5B,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAM,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,MAAsB;IAC1C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1C,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,MAAM,GAAG,MAAiC,CAAC;IACjD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnC,OAAO,MAAM,CAAC,QAAqB,CAAC;IACtC,CAAC;IACD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC;IAC7B,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC7C,MAAM,QAAQ,GAAI,QAAoC,CAAC,QAAQ,CAAC;QAChE,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,OAAO,QAAqB,CAAC;QAC/B,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,MAAsB;IAC5D,MAAM,QAAQ,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACtC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QAClC,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC5C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC7B,SAAS;QACX,CAAC;QACD,MAAM,IAAI,GAAG,OAAQ,OAAmC,CAAC,IAAI,KAAK,QAAQ;YACxE,CAAC,CAAG,OAAmC,CAAC,IAAe;YACvD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;QACZ,MAAM,OAAO,GAAI,OAAmC,CAAC,OAAO,CAAC;QAC7D,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAChC,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,CAAC;YAC5B,SAAS;QACX,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;gBACjC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACtC,OAAO,OAAO,IAAI,CAAC;gBACrB,CAAC;gBACD,MAAM,SAAS,GAAI,IAAgC,CAAC,IAAI,CAAC;gBACzD,OAAO,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;YAC9D,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC,CAAC;YACrD,SAAS;QACX,CAAC;QACD,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC3C,MAAM,SAAS,GAAI,OAAmC,CAAC,IAAI,CAAC;YAC5D,MAAM,KAAK,GAAG,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;YACnE,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC;YAChC,SAAS;QACX,CAAC;QACD,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC9C,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,QAAQ,CAAC,CAAC;YAC7B,SAAS;QACX,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,OAAO,OAAO,EAAE,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,0BAA0B,CACxC,OAAsB,EACtB,MAAgC;IAEhC,MAAM,QAAQ,GAA4B;QACxC,OAAO,EAAE,uBAAuB,CAAC,OAAO,CAAC;KAC1C,CAAC;IACF,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAClC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,QAAQ,CAAC,OAAO,GAAG,MAAM,CAAC;IAC5B,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,YAAY,GAAG,gBAAgB,CAAC;IAC3C,CAAC;IACD,IAAI,MAAM,EAAE,CAAC;QACX,QAAQ,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC;IAChD,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAAa,EAAE,OAAsB;IACzE,MAAM,KAAK,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAChD,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;QACnB,OAAO;IACT,CAAC;IACD,MAAM,OAAO,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,IAAI,QAAQ,CAAC;IAC1C,OAAO,CAAC,KAAK,CAAC,kBAAkB,KAAK,WAAW,KAAK,YAAY,KAAK,CAAC,SAAS,IAAI,GAAG,IAAI,OAAO,EAAE,CAAC,CAAC;AACxG,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iCAAiC,CACrD,KAA0D,EAC1D,OAAsB;IAEtB,MAAM,KAAK,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAChD,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QACvC,OAAO;IACT,CAAC;IACD,IAAI,CAAC;QACH,MAAM,YAAY,GAAI,OAAkC,CAAC,QAAQ,CAAC;QAClE,MAAM,aAAa,GACjB,YAAY,IAAI,OAAO,YAAY,KAAK,QAAQ,IAAI,OAAQ,YAAwC,CAAC,aAAa,KAAK,QAAQ;YAC7H,CAAC,CAAG,YAAwC,CAAC,aAAwB;YACrE,CAAC,CAAC,SAAS,CAAC;QAChB,MAAM,qBAAqB,CAAC;YAC1B,KAAK,EAAE,KAAK;YACZ,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,IAAI,EAAE,0BAA0B,CAAC,OAAO,CAAC;YACzC,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,+BAA+B;IACjC,CAAC;AACH,CAAC"}

package/dist/providers/core/strategies/oauth-auth-code-flow.d.ts CHANGED Viewed

@@ -40,6 +40,19 @@ export declare class OAuthAuthCodeFlowStrategy extends BaseOAuthFlowStrategy {
      * 处理令牌后激活（如API密钥交换）
      */
     private handlePostTokenActivation;
+    private resolveExpiresInSeconds;
+    private readPositiveNumber;
+    private readNonEmptyString;
+    private normalizeTokenResponse;
+    private buildTokenRequestHeaders;
+    /**
+     * Token endpoint requests keep headers minimal and bypass provider-level common headers,
+     * matching iFlow CLI behavior and avoiding compat surprises.
+     */
+    private requestTokenEndpoint;
+    private isIflowOAuthProvider;
+    private fetchIflowUserInfoWithRetry;
+    private applyAuthRedirectParams;
     private coerceStoredToken;
     private ensureStoredToken;
     /**

package/dist/providers/core/strategies/oauth-auth-code-flow.js CHANGED Viewed

@@ -67,15 +67,7 @@ export class OAuthAuthCodeFlowStrategy extends BaseOAuthFlowStrategy {
             // 3.2 更新授权URL中的重定向参数（与本地回调服务一致），再打开浏览器
             try {
                 const urlObj = new URL(authCodeData.authUrl);
-                const style = authCodeData.flowStyle;
-                if (style === 'web' || style === 'legacy') {
-                    // iflow web 登录样式：redirect=<redirectUri> & state=<state>
-                    // 由 URLSearchParams 负责一次性编码，避免双重编码；state 保持独立参数
-                    urlObj.searchParams.set('redirect', serverResult.redirectUri);
-                }
-                else {
-                    urlObj.searchParams.set('redirect_uri', serverResult.redirectUri);
-                }
+                this.applyAuthRedirectParams(urlObj, authCodeData.flowStyle, serverResult.redirectUri, authCodeData.state);
                 authCodeData.authUrl = urlObj.toString();
                 authCodeData.redirectUri = serverResult.redirectUri;
             }
@@ -127,6 +119,9 @@ export class OAuthAuthCodeFlowStrategy extends BaseOAuthFlowStrategy {
         }
         const styleEnv = (process.env.IFLOW_AUTH_STYLE || '').toLowerCase();
         const style = isIflowHost
+            // Official iFlow CLI auth URL shape:
+            // redirect=<encoded callback>&state=<state>&client_id=...
+            // In URLSearchParams this corresponds to "web" style (redirect raw + state top-level).
             ? normalizeFlowStyle(styleEnv, 'web')
             : styleEnv === 'legacy'
                 ? 'legacy'
@@ -136,12 +131,9 @@ export class OAuthAuthCodeFlowStrategy extends BaseOAuthFlowStrategy {
             const redirectUri = this.config.client.redirectUri;
             authUrl.searchParams.set('loginMethod', 'phone');
             authUrl.searchParams.set('type', 'phone');
-            authUrl.searchParams.set('redirect', encodeURIComponent(redirectUri));
+            authUrl.searchParams.set('redirect', redirectUri);
             authUrl.searchParams.set('state', state);
             authUrl.searchParams.set('client_id', this.config.client.clientId);
-            // 可选：保留 PKCE 参数（服务端可能忽略）
-            authUrl.searchParams.set('code_challenge', codeChallenge);
-            authUrl.searchParams.set('code_challenge_method', 'S256');
         }
         else if (style === 'legacy') {
             // 老式 iflow Web 登录参数（state 融合在 redirect），兼容历史
@@ -150,8 +142,6 @@ export class OAuthAuthCodeFlowStrategy extends BaseOAuthFlowStrategy {
             authUrl.searchParams.set('type', 'phone');
             authUrl.searchParams.set('redirect', `${encodeURIComponent(redirectUri)}&state=${state}`);
             authUrl.searchParams.set('client_id', this.config.client.clientId);
-            authUrl.searchParams.set('code_challenge', codeChallenge);
-            authUrl.searchParams.set('code_challenge_method', 'S256');
         }
         else {
             // 标准 OAuth2 授权码样式
@@ -186,7 +176,8 @@ export class OAuthAuthCodeFlowStrategy extends BaseOAuthFlowStrategy {
     async startCallbackServer(state, codeVerifier) {
         const http = await import('http');
         const url = await import('url');
-        // 固定回调路径为 /oauth2callback，但监听地址放宽为所有本地地址，避免 IPv4/IPv6 解析差异导致浏览器可访问但 Node 端口未监听
+        // 回调路径固定为 /oauth2callback；监听地址放宽为所有本地地址，
+        // 避免 localhost 在 IPv4/IPv6 解析差异时出现连接拒绝。
         const configured = this.config.client.redirectUri;
         let redirectHost = 'localhost';
         let port = 8080;
@@ -203,12 +194,46 @@ export class OAuthAuthCodeFlowStrategy extends BaseOAuthFlowStrategy {
             }
         }
         catch { /* ignore parsing errors */ }
+        const envPortRaw = String(process.env.OAUTH_CALLBACK_PORT || '').trim();
+        if (this.isIflowOAuthProvider() && !envPortRaw) {
+            // Align with official iFlow CLI: choose ephemeral callback port by default.
+            port = 0;
+        }
+        if (envPortRaw) {
+            const parsedEnvPort = Number(envPortRaw);
+            if (!Number.isFinite(parsedEnvPort) || parsedEnvPort <= 0 || parsedEnvPort > 65535) {
+                throw new Error(`Invalid value for OAUTH_CALLBACK_PORT: "${envPortRaw}"`);
+            }
+            port = parsedEnvPort;
+        }
         let timeoutHandle = null;
+        let listeningPort = port;
+        let startupSettled = false;
+        let resolveStartup = null;
+        let rejectStartup = null;
+        const startupPromise = new Promise((resolve, reject) => {
+            resolveStartup = resolve;
+            rejectStartup = reject;
+        });
+        const settleStartupSuccess = (boundPort) => {
+            if (startupSettled) {
+                return;
+            }
+            startupSettled = true;
+            resolveStartup?.(boundPort);
+        };
+        const settleStartupFailure = (message) => {
+            if (startupSettled) {
+                return;
+            }
+            startupSettled = true;
+            rejectStartup?.(new Error(message));
+        };
         const callbackPromise = new Promise((resolve, reject) => {
             const server = http.createServer(async (req, res) => {
                 try {
                     logOAuthDebug(`[OAuth] Callback server received request: ${req.url}`);
-                    const full = new url.URL(req.url || '/', `http://${redirectHost}:${port}`);
+                    const full = new url.URL(req.url || '/', `http://${redirectHost}:${listeningPort}`);
                     const reqPath = full.pathname || '';
                     const okPath = reqPath === pathName || /oauth.*callback/i.test(reqPath);
                     if (!req.url || !okPath) {
@@ -289,20 +314,43 @@ export class OAuthAuthCodeFlowStrategy extends BaseOAuthFlowStrategy {
                     reject(error instanceof Error ? error : new Error(String(error)));
                 }
             });
-            // 添加服务器错误处理
+            let retriedWithEphemeralPort = false;
             server.on('error', (error) => {
                 logOAuthDebug(`[OAuth] Callback server error: ${error.message}`);
+                if (error.code === 'EADDRINUSE' && !retriedWithEphemeralPort) {
+                    retriedWithEphemeralPort = true;
+                    console.warn(`[OAuth] Callback port ${port} is in use; retrying with an ephemeral local port.`);
+                    try {
+                        server.listen(0);
+                        return;
+                    }
+                    catch (listenError) {
+                        const msg = listenError instanceof Error ? listenError.message : String(listenError);
+                        const startupMsg = `Failed to retry callback server on ephemeral port: ${msg}`;
+                        settleStartupFailure(startupMsg);
+                        if (timeoutHandle) {
+                            clearTimeout(timeoutHandle);
+                        }
+                        reject(new Error(startupMsg));
+                        return;
+                    }
+                }
                 console.error('[OAuth] Callback server failed to start or encountered an error:', error.message);
+                const startupMsg = `Failed to start callback server: ${error.message}`;
+                settleStartupFailure(startupMsg);
                 if (timeoutHandle) {
                     clearTimeout(timeoutHandle);
                 }
-                reject(new Error(`Failed to start callback server: ${error.message}`));
+                reject(new Error(startupMsg));
             });
-            // 等待服务器完全启动
-            // 不指定 host，监听所有地址，避免 localhost 解析到仅 IPv6 或仅 IPv4 时造成连接被拒绝
-            server.listen(port, () => {
-                logOAuthDebug(`[OAuth] Callback server listening on 0.0.0.0:${port}${pathName} (redirect host=${redirectHost})`);
-                console.log(`[OAuth] Waiting for OAuth callback at http://${redirectHost}:${port}${pathName}`);
+            server.on('listening', () => {
+                const addr = server.address();
+                if (addr && typeof addr === 'object' && 'port' in addr && typeof addr.port === 'number') {
+                    listeningPort = addr.port;
+                }
+                settleStartupSuccess(listeningPort);
+                logOAuthDebug(`[OAuth] Callback server listening on 0.0.0.0:${listeningPort}${pathName} (redirect host=${redirectHost})`);
+                console.log(`[OAuth] Waiting for OAuth callback at http://${redirectHost}:${listeningPort}${pathName}`);
                 console.log(`[OAuth] You have 10 minutes to complete the authentication in your browser`);
                 try {
                     const envBrowser = String(process.env.ROUTECODEX_OAUTH_BROWSER || '').trim().toLowerCase();
@@ -327,9 +375,21 @@ export class OAuthAuthCodeFlowStrategy extends BaseOAuthFlowStrategy {
                     reject(new Error('OAuth callback timeout after 10 minutes'));
                 }, 10 * 60 * 1000);
             });
+            // 不指定 host，监听所有地址，避免 localhost 解析到仅 IPv6 或仅 IPv4 时造成连接被拒绝
+            try {
+                server.listen(port);
+            }
+            catch (listenError) {
+                const msg = listenError instanceof Error ? listenError.message : String(listenError);
+                const startupMsg = `Failed to start callback server: ${msg}`;
+                settleStartupFailure(startupMsg);
+                reject(new Error(startupMsg));
+            }
         });
+        // Wait for callback server to bind. This also allows EADDRINUSE fallback to settle final port.
+        listeningPort = await startupPromise;
         // 更新重定向URI（使用配置中的路径或默认）
-        const redirectUri = `http://${redirectHost}:${port}${pathName}`;
+        const redirectUri = `http://${redirectHost}:${listeningPort}${pathName}`;
         logOAuthDebug(`[OAuth] Callback redirect URI: ${redirectUri}`);
         return { callbackPromise, redirectUri };
     }
@@ -343,13 +403,7 @@ export class OAuthAuthCodeFlowStrategy extends BaseOAuthFlowStrategy {
             const serverResult = await this.startCallbackServer(data.state, data.codeVerifier);
             // 更新授权URL中的重定向参数
             const authUrl = new URL(data.authUrl);
-            if (data.flowStyle === 'web' || data.flowStyle === 'legacy') {
-                // 由 URLSearchParams 统一编码，不手动 encodeURIComponent，避免双重编码
-                authUrl.searchParams.set('redirect', serverResult.redirectUri);
-            }
-            else {
-                authUrl.searchParams.set('redirect_uri', serverResult.redirectUri);
-            }
+            this.applyAuthRedirectParams(authUrl, data.flowStyle, serverResult.redirectUri, data.state);
             data.authUrl = authUrl.toString();
             data.redirectUri = serverResult.redirectUri;
             // 等待回调
@@ -375,21 +429,12 @@ export class OAuthAuthCodeFlowStrategy extends BaseOAuthFlowStrategy {
         if (this.config.client.clientSecret) {
             formData.append('client_secret', this.config.client.clientSecret);
         }
-        // iflow web 登录样式常用 Basic(client_id:client_secret)
-        const tokenHeaders = { 'Content-Type': 'application/x-www-form-urlencoded' };
-        if (this.config.client.clientSecret) {
-            const basic = Buffer.from(`${this.config.client.clientId}:${this.config.client.clientSecret}`).toString('base64');
-            tokenHeaders['Authorization'] = `Basic ${basic}`;
-        }
-        const response = await this.makeRequest(this.config.endpoints.tokenUrl, {
-            method: 'POST',
-            headers: tokenHeaders,
-            body: formData
-        });
+        const response = await this.requestTokenEndpoint(formData);
         if (!response.ok) {
             throw await this.parseErrorResponse(response);
         }
-        return await response.json();
+        const raw = await response.json();
+        return this.normalizeTokenResponse(raw);
     }
     /**
      * 生成状态参数
@@ -405,7 +450,10 @@ export class OAuthAuthCodeFlowStrategy extends BaseOAuthFlowStrategy {
         // 尝试获取API密钥（如果有用户信息端点）
         if (this.config.features?.supportsApiKeyExchange && this.config.endpoints.userInfoUrl && tokenResponse.access_token) {
             try {
-                const userInfoResponse = await this.makeRequest(`${this.config.endpoints.userInfoUrl}?accessToken=${encodeURIComponent(tokenResponse.access_token)}`, { method: 'GET' });
+                const userInfoUrl = `${this.config.endpoints.userInfoUrl}?accessToken=${encodeURIComponent(tokenResponse.access_token)}`;
+                const userInfoResponse = this.isIflowOAuthProvider()
+                    ? await this.fetchIflowUserInfoWithRetry(userInfoUrl)
+                    : await this.makeRequest(userInfoUrl, { method: 'GET' });
                 if (userInfoResponse.ok) {
                     const userInfo = await userInfoResponse.json();
                     const apiKey = typeof userInfo.apiKey === 'string'
@@ -433,11 +481,167 @@ export class OAuthAuthCodeFlowStrategy extends BaseOAuthFlowStrategy {
             }
         }
         // 转换为标准格式
-        const expiresAt = Date.now() + (tokenResponse.expires_in * 1000);
+        const expiresIn = this.resolveExpiresInSeconds(tokenResponse);
+        const expiresAt = Date.now() + (expiresIn * 1000);
+        enrichedToken.expires_in = expiresIn;
         enrichedToken.expires_at = expiresAt;
         enrichedToken.expired = new Date(expiresAt).toISOString();
         return enrichedToken;
     }
+    resolveExpiresInSeconds(tokenResponse) {
+        const parsePositiveNumber = (value) => {
+            if (typeof value === 'number' && Number.isFinite(value) && value > 0) {
+                return value;
+            }
+            if (typeof value === 'string') {
+                const parsed = Number(value.trim());
+                if (Number.isFinite(parsed) && parsed > 0) {
+                    return parsed;
+                }
+            }
+            return null;
+        };
+        const direct = parsePositiveNumber(tokenResponse.expires_in) ??
+            parsePositiveNumber(tokenResponse.expiresIn) ??
+            parsePositiveNumber(tokenResponse.expires);
+        if (direct !== null) {
+            return direct;
+        }
+        const storedExpiresAt = this.tokenStorage?.expires_at;
+        const remainingMs = typeof storedExpiresAt === 'number' && Number.isFinite(storedExpiresAt)
+            ? storedExpiresAt - Date.now()
+            : NaN;
+        if (Number.isFinite(remainingMs) && remainingMs > 60_000) {
+            return Math.floor(remainingMs / 1000);
+        }
+        // Fallback: avoid NaN timestamp crashes when provider omits expires_in.
+        return 3600;
+    }
+    readPositiveNumber(value) {
+        if (typeof value === 'number' && Number.isFinite(value) && value > 0) {
+            return value;
+        }
+        if (typeof value === 'string') {
+            const parsed = Number(value.trim());
+            if (Number.isFinite(parsed) && parsed > 0) {
+                return parsed;
+            }
+        }
+        return null;
+    }
+    readNonEmptyString(value) {
+        return typeof value === 'string' && value.trim().length > 0 ? value.trim() : undefined;
+    }
+    normalizeTokenResponse(payload) {
+        const root = payload && typeof payload === 'object'
+            ? payload
+            : {};
+        const data = root.data && typeof root.data === 'object'
+            ? root.data
+            : root;
+        const accessToken = this.readNonEmptyString(data.access_token) ??
+            this.readNonEmptyString(data.accessToken) ??
+            this.readNonEmptyString(data.token);
+        const message = this.readNonEmptyString(root.message) ??
+            this.readNonEmptyString(root.msg) ??
+            this.readNonEmptyString(root.error_description) ??
+            this.readNonEmptyString(root.error?.message);
+        const code = this.readNonEmptyString(root.code);
+        const markedFailure = root.success === false || (code !== undefined && code !== '' && code !== '0');
+        if (!accessToken) {
+            if (markedFailure) {
+                throw new Error(`OAuth token endpoint rejected request${code ? ` (${code})` : ''}: ${message || 'unknown error'}`);
+            }
+            throw new Error(`OAuth token endpoint response missing access_token${message ? `: ${message}` : ''}`);
+        }
+        return {
+            access_token: accessToken,
+            refresh_token: this.readNonEmptyString(data.refresh_token) ??
+                this.readNonEmptyString(data.refreshToken),
+            token_type: this.readNonEmptyString(data.token_type) ??
+                this.readNonEmptyString(data.tokenType),
+            scope: this.readNonEmptyString(data.scope),
+            expires_in: this.readPositiveNumber(data.expires_in) ??
+                this.readPositiveNumber(data.expiresIn) ??
+                this.readPositiveNumber(data.expires) ??
+                undefined,
+            resource_url: this.readNonEmptyString(data.resource_url) ?? this.readNonEmptyString(data.resourceUrl),
+            apiKey: this.readNonEmptyString(data.apiKey) ?? this.readNonEmptyString(data.api_key)
+        };
+    }
+    buildTokenRequestHeaders() {
+        const tokenHeaders = {
+            'Content-Type': 'application/x-www-form-urlencoded'
+        };
+        if (this.config.client.clientSecret) {
+            const basic = Buffer.from(`${this.config.client.clientId}:${this.config.client.clientSecret}`).toString('base64');
+            tokenHeaders.Authorization = `Basic ${basic}`;
+        }
+        return tokenHeaders;
+    }
+    /**
+     * Token endpoint requests keep headers minimal and bypass provider-level common headers,
+     * matching iFlow CLI behavior and avoiding compat surprises.
+     */
+    async requestTokenEndpoint(formData) {
+        return this.httpClient(this.config.endpoints.tokenUrl, {
+            method: 'POST',
+            headers: this.buildTokenRequestHeaders(),
+            body: formData.toString()
+        });
+    }
+    isIflowOAuthProvider() {
+        const authUrl = String(this.config.endpoints.authorizationUrl || '').toLowerCase();
+        const tokenUrl = String(this.config.endpoints.tokenUrl || '').toLowerCase();
+        const userInfoUrl = String(this.config.endpoints.userInfoUrl || '').toLowerCase();
+        return (authUrl.includes('iflow.cn') ||
+            tokenUrl.includes('iflow.cn/oauth/token') ||
+            userInfoUrl.includes('iflow.cn/api/oauth/getuserinfo'));
+    }
+    async fetchIflowUserInfoWithRetry(url) {
+        const retryDelaysMs = [1000, 2000, 3000];
+        let lastError;
+        for (let attempt = 0; attempt < retryDelaysMs.length; attempt++) {
+            try {
+                const response = await this.httpClient(url, { method: 'GET' });
+                if (response.ok) {
+                    return response;
+                }
+                const shouldRetry = (response.status >= 500 || response.status === 408 || response.status === 429) &&
+                    attempt < retryDelaysMs.length - 1;
+                if (!shouldRetry) {
+                    return response;
+                }
+            }
+            catch (error) {
+                lastError = error;
+                if (attempt >= retryDelaysMs.length - 1) {
+                    break;
+                }
+            }
+            await new Promise((resolve) => setTimeout(resolve, retryDelaysMs[attempt]));
+        }
+        throw lastError instanceof Error ? lastError : new Error('Failed to fetch iFlow user info');
+    }
+    applyAuthRedirectParams(authUrl, flowStyle, redirectUri, state) {
+        if (flowStyle === 'legacy') {
+            // Keep parity with official iFlow CLI:
+            // redirect=<encodeURIComponent(redirectUri)>&state=<state> (state embedded in redirect).
+            authUrl.searchParams.delete('state');
+            authUrl.searchParams.delete('redirect_uri');
+            authUrl.searchParams.set('redirect', `${encodeURIComponent(redirectUri)}&state=${state}`);
+            return;
+        }
+        if (flowStyle === 'web') {
+            authUrl.searchParams.delete('redirect_uri');
+            authUrl.searchParams.set('redirect', redirectUri);
+            authUrl.searchParams.set('state', state);
+            return;
+        }
+        authUrl.searchParams.delete('redirect');
+        authUrl.searchParams.delete('state');
+        authUrl.searchParams.set('redirect_uri', redirectUri);
+    }
     coerceStoredToken(token) {
         if (!token || typeof token !== 'object') {
             return null;
@@ -446,7 +650,25 @@ export class OAuthAuthCodeFlowStrategy extends BaseOAuthFlowStrategy {
         const candidate = record.token && typeof record.token === 'object'
             ? record.token
             : record;
-        if (typeof candidate.access_token === 'string' && typeof candidate.expires_in === 'number') {
+        if (typeof candidate.access_token !== 'string') {
+            return null;
+        }
+        const expiresInRaw = candidate.expires_in ?? candidate.expiresIn ?? candidate.expires;
+        if (typeof expiresInRaw === 'number' && Number.isFinite(expiresInRaw) && expiresInRaw > 0) {
+            candidate.expires_in = expiresInRaw;
+            return candidate;
+        }
+        if (typeof expiresInRaw === 'string') {
+            const parsed = Number(expiresInRaw.trim());
+            if (Number.isFinite(parsed) && parsed > 0) {
+                candidate.expires_in = parsed;
+                return candidate;
+            }
+        }
+        if (typeof candidate.expires_at === 'number' && Number.isFinite(candidate.expires_at)) {
+            return candidate;
+        }
+        if (typeof candidate.expired === 'string' && Number.isFinite(Date.parse(candidate.expired))) {
             return candidate;
         }
         return null;
@@ -479,17 +701,12 @@ export class OAuthAuthCodeFlowStrategy extends BaseOAuthFlowStrategy {
                 if (this.config.client.clientSecret) {
                     formData.append('client_secret', this.config.client.clientSecret);
                 }
-                const response = await this.makeRequest(this.config.endpoints.tokenUrl, {
-                    method: 'POST',
-                    headers: {
-                        'Content-Type': 'application/x-www-form-urlencoded'
-                    },
-                    body: formData
-                });
+                const response = await this.requestTokenEndpoint(formData);
                 if (!response.ok) {
                     throw await this.parseErrorResponse(response);
                 }
-                const tokenData = await response.json();
+                const raw = await response.json();
+                const tokenData = this.normalizeTokenResponse(raw);
                 // Google OAuth doesn't always return a new refresh_token during refresh
                 // Preserve the original refresh_token if not provided in the new response
                 if (!tokenData.refresh_token && refreshToken) {