@jsonstudio/rcc 0.89.935 → 0.89.1083

package/scripts/tests/apply-patch-loop.mjs

@@ -8,6 +8,7 @@ import { Readable } from 'node:stream';
 import http from 'node:http';
 import { setTimeout as delay } from 'node:timers/promises';
 import { spawnSync } from 'node:child_process';
+import chalk from 'chalk';
 import { createTempConfig, startServer, stopServer } from '../lib/routecodex-runner.mjs';
 import { GeminiSemanticMapper } from '../../sharedmodule/llmswitch-core/dist/conversion/hub/semantic-mappers/gemini-mapper.js';
 
@@ -30,6 +31,8 @@ const STAGE_SUFFIX = '_req_outbound_stage2_format_build.json';
 const STAGE1_SUFFIX = '_req_outbound_stage1_semantic_map.json';
 const MOCK_PROVIDER_ID = 'mock.apply_patch.toolloop';
 
+const chalkError = typeof chalk?.redBright === 'function' ? chalk.redBright : (value) => value;
+
 function listProcessesOnPort(port) {
   try {
     const res = spawnSync('lsof', ['-ti', `tcp:${port}`], { encoding: 'utf-8' });
@@ -702,6 +705,7 @@ async function main() {
 }
 
 main().catch((error) => {
-  console.error(`[tool-loop] FAILED: ${error.message}`);
+  const msg = error instanceof Error ? (error.stack || error.message) : String(error ?? '');
+  console.error(chalkError(`[tool-loop] FAILED: ${msg}`));
   process.exit(1);
 });

package/scripts/tests/exec-command-loop.mjs

@@ -1,12 +1,12 @@
 #!/usr/bin/env node
 /**
- * exec_command TOON → JSON 回环验证（模拟 Responses 客户端）。
+ * exec_command JSON 形态回环验证（模拟 Responses 客户端）。
  *
  * 目标：
- * - 构造一条带 exec_command TOON arguments 的 chat 响应；
- * - 通过 llmswitch-core 的 response 工具过滤管线（ResponseToolArgumentsToonDecodeFilter）做解码；
- * - 使用 codex 的工具注册表 validateToolCall 校验最终 JSON 形状（必须包含 cmd，且不再暴露 toon）；
- * - 只从“客户端视角”观察：发送/接收的都是 JSON，TOON 对客户端完全透明。
+ * - 构造一条带 exec_command JSON arguments 的 chat 响应；
+ * - 通过 llmswitch-core 的 response 工具过滤管线做统一治理；
+ * - 校验最终 JSON 形状（必须包含 cmd，且不暴露 toon）；
+ * - 再通过 Responses 映射验证 /v1/responses 视图同样保持 JSON 语义。
  */
 
 import path from 'node:path';
@@ -25,9 +25,9 @@ async function main() {
     'conversion/responses/responses-openai-bridge'
   );
 
-  // 构造一条模拟的 chat 响应，其中 exec_command 使用 TOON 编码参数。
+  // 构造一条模拟的 chat 响应，其中 exec_command 直接使用 JSON 编码参数。
   const chatPayload = {
-    id: 'chatcmpl_exec_toon',
+    id: 'chatcmpl_exec_args',
     object: 'chat.completion',
     created: Math.floor(Date.now() / 1000),
     model: 'gpt-5.2-codex',
@@ -39,18 +39,15 @@ async function main() {
           content: null,
           tool_calls: [
             {
-              id: 'call_exec_toon',
+              id: 'call_exec_args',
               type: 'function',
               function: {
                 name: 'exec_command',
                 arguments: JSON.stringify({
-                  toon: [
-                    'cmd: echo 1',
-                    'yield_time_ms: 500',
-                    'max_output_tokens: 128',
-                    'shell: /bin/bash',
-                    'login: false'
-                  ].join('\n')
+                  cmd: 'echo 1',
+                  workdir: '.',
+                  yield_time_ms: 500,
+                  max_output_tokens: 128
                 })
               }
             }
@@ -61,10 +58,10 @@ async function main() {
     ]
   };
 
-  // 通过 response 工具管线运行，触发 TOON → JSON 解码。
+  // 通过 response 工具管线运行，触发统一的工具参数治理/归一化。
   const filtered = await runChatResponseToolFilters(chatPayload, {
     entryEndpoint: '/v1/chat/completions',
-    requestId: 'req_exec_toon',
+    requestId: 'req_exec_args',
     profile: 'openai-chat'
   });
 
@@ -116,7 +113,7 @@ async function main() {
   // 延伸验证：基于 chat 结果构建 Responses payload，确保 /v1/responses 视图中的
   // function_call.arguments 同样保持 exec_command JSON 语义，而不会重新出现 toon。
   const responsesPayload = buildResponsesPayloadFromChat(filtered, {
-    requestId: 'verify_exec_command_toon'
+    requestId: 'verify_exec_command_args'
   });
   const outputItems = Array.isArray(responsesPayload?.output) ? responsesPayload.output : [];
   const fnCall = outputItems.find(
@@ -153,7 +150,7 @@ async function main() {
   console.log(
     `[exec-command-loop] decoded cmd="${args.cmd}" yield_time_ms=${args.yield_time_ms ?? 'n/a'} max_output_tokens=${args.max_output_tokens ?? 'n/a'}`
   );
-  console.log('✅ exec_command TOON decode passed (chat + responses views are JSON-only)');
+  console.log('✅ exec_command arguments normalization passed (chat + responses views are JSON-only)');
 }
 
 main().catch((error) => {

package/scripts/verify-apply-patch.mjs

@@ -7,6 +7,7 @@
  */
 import path from 'node:path';
 import { fileURLToPath, pathToFileURL } from 'node:url';
+import chalk from 'chalk';
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const repoRoot = path.resolve(__dirname, '..');
@@ -14,6 +15,8 @@ const coreLoaderPath = path.join(repoRoot, 'dist', 'modules', 'llmswitch', 'core
 const coreLoaderUrl = pathToFileURL(coreLoaderPath).href;
 const { importCoreModule } = await import(coreLoaderUrl);
 
+const chalkError = typeof chalk?.redBright === 'function' ? chalk.redBright : (value) => value;
+
 async function loadCoreModule(subpath) {
   return importCoreModule(subpath);
 }
@@ -99,6 +102,47 @@ async function runApplyPatchTextCase(label, payloadText) {
   }
 }
 
+async function runApplyPatchArgsCase(label, argsString) {
+  const { validateToolCall } = await loadCoreModule('tools/tool-registry');
+  const validation = validateToolCall('apply_patch', argsString);
+  if (!validation?.ok) {
+    throw new Error(
+      `[verify-apply-patch] ${label}: validateToolCall failed with reason=${validation?.reason}`
+    );
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(validation.normalizedArgs || '{}');
+  } catch (error) {
+    throw new Error(
+      `[verify-apply-patch] ${label}: normalized arguments not valid JSON: ${(error && error.message) || String(error)}`
+    );
+  }
+  const normalizedPatchText =
+    typeof parsed?.patch === 'string'
+      ? parsed.patch
+      : typeof parsed?.input === 'string'
+        ? parsed.input
+        : '';
+  if (!normalizedPatchText) {
+    throw new Error(`[verify-apply-patch] ${label}: missing normalized patch text`);
+  }
+  if (!normalizedPatchText.startsWith('*** Begin Patch')) {
+    throw new Error(`[verify-apply-patch] ${label}: patch does not start with *** Begin Patch`);
+  }
+  if (!normalizedPatchText.includes('\n*** End Patch')) {
+    throw new Error(`[verify-apply-patch] ${label}: patch missing *** End Patch`);
+  }
+  if (
+    normalizedPatchText.includes('*** End Patch","input":"*** Begin Patch') ||
+    normalizedPatchText.includes('*** End Patch","patch":"*** Begin Patch') ||
+    normalizedPatchText.includes('*** End Patch\\",\\"input\\":\\"*** Begin Patch') ||
+    normalizedPatchText.includes('*** End Patch\\",\\"patch\\":\\"*** Begin Patch')
+  ) {
+    throw new Error(`[verify-apply-patch] ${label}: patch still contains stitched JSON keys`);
+  }
+}
+
 async function main() {
   if (String(process.env.ROUTECODEX_VERIFY_SKIP || '').trim() === '1') {
     console.log('[verify-apply-patch] 跳过（ROUTECODEX_VERIFY_SKIP=1）');
@@ -106,6 +150,294 @@ async function main() {
   }
 
   try {
+    const { validateToolCall } = await loadCoreModule('tools/tool-registry');
+    const escapeNewlines = (value) => String(value || '').replace(/\n/g, '\\n');
+
+    // Regression: tolerate newline-escaped patch text (e.g. "*** Begin Patch\\n...") and
+    // normalize into a real multi-line unified diff string.
+    {
+      const escapedPatch = '*** Begin Patch\\n*** End Patch';
+      const validation = validateToolCall('apply_patch', escapedPatch);
+      if (!validation?.ok) {
+        throw new Error(
+          `[verify-apply-patch] escaped_patch: validateToolCall failed with reason=${validation?.reason}`
+        );
+      }
+      let parsed;
+      try {
+        parsed = JSON.parse(validation.normalizedArgs);
+      } catch (error) {
+        throw new Error(
+          `[verify-apply-patch] escaped_patch: normalized arguments not valid JSON: ${(error && error.message) || String(error)}`
+        );
+      }
+      const patchText =
+        typeof parsed?.patch === 'string'
+          ? parsed.patch
+          : typeof parsed?.input === 'string'
+            ? parsed.input
+            : '';
+      if (!patchText || typeof patchText !== 'string') {
+        throw new Error('[verify-apply-patch] escaped_patch: missing patch text in normalized args');
+      }
+      if (patchText.includes('\\n') && !patchText.includes('\n')) {
+        throw new Error('[verify-apply-patch] escaped_patch: patch still contains literal \\\\n without real newlines');
+      }
+      if (patchText.split('\n')[0] !== '*** Begin Patch') {
+        throw new Error('[verify-apply-patch] escaped_patch: patch first line is not *** Begin Patch');
+      }
+    }
+
+    // Regression: validateToolCall should be idempotent for already-normalized JSON arguments.
+    // Previously we could mis-detect the whole JSON as patch text, producing a merged line like:
+    //   "*** End Patch\",\"input\":\"*** Begin Patch"
+    {
+      const patchText = '*** Begin Patch\n*** End Patch';
+      const alreadyNormalized = JSON.stringify({ patch: patchText, input: patchText });
+      const validation = validateToolCall('apply_patch', alreadyNormalized);
+      if (!validation?.ok) {
+        throw new Error(
+          `[verify-apply-patch] already_normalized: validateToolCall failed with reason=${validation?.reason}`
+        );
+      }
+      const parsed = JSON.parse(validation.normalizedArgs);
+      const normalizedPatchText =
+        typeof parsed?.patch === 'string'
+          ? parsed.patch
+          : typeof parsed?.input === 'string'
+            ? parsed.input
+            : '';
+      if (!normalizedPatchText) {
+        throw new Error('[verify-apply-patch] already_normalized: missing patch text in normalized args');
+      }
+      if (normalizedPatchText.includes('","input":"*** Begin Patch') || normalizedPatchText.includes('*** End Patch","input":"')) {
+        throw new Error('[verify-apply-patch] already_normalized: patch text incorrectly contains serialized JSON keys');
+      }
+      if (normalizedPatchText.split('\n')[0] !== '*** Begin Patch') {
+        throw new Error('[verify-apply-patch] already_normalized: patch first line is not *** Begin Patch');
+      }
+      if (!normalizedPatchText.includes('*** End Patch')) {
+        throw new Error('[verify-apply-patch] already_normalized: patch missing *** End Patch');
+      }
+    }
+
+    // Regression: accept a typical sequence of apply_patch calls (add/update/append/escape/multi-hunk/delete).
+    // Note: we only validate tool governance & patch text normalization, not filesystem application.
+    {
+      const addBasic = [
+        '*** Begin Patch',
+        '*** Add File: .apply_patch_basic_add.txt',
+        '+apply_patch basic add ok',
+        '+line2',
+        '*** End Patch'
+      ].join('\n');
+      const updateBasic = [
+        '*** Begin Patch',
+        '*** Update File: .apply_patch_basic_add.txt',
+        '@@',
+        '-apply_patch basic add ok',
+        '+apply_patch basic add+update ok',
+        ' line2',
+        '*** End Patch'
+      ].join('\n');
+      const appendBasic = [
+        '*** Begin Patch',
+        '*** Update File: .apply_patch_basic_add.txt',
+        '@@',
+        ' apply_patch basic add+update ok',
+        ' line2',
+        '+line3 (append)',
+        '*** End Patch'
+      ].join('\n');
+      const addEscapeChars = [
+        '*** Begin Patch',
+        '*** Add File: .apply_patch_escape_chars.txt',
+        '+quotes: "double" and \'single\'',
+        '+backslash: \\',
+        '+json: {"a":1,"b":"x"}',
+        '+template: ${notInterpolated}',
+        '*** End Patch'
+      ].join('\n');
+      const addMulti = [
+        '*** Begin Patch',
+        '*** Add File: .apply_patch_multi_hunk.txt',
+        '+Header',
+        '+Section A',
+        '+Section B',
+        '+Footer',
+        '*** End Patch'
+      ].join('\n');
+      const updateMulti = [
+        '*** Begin Patch',
+        '*** Update File: .apply_patch_multi_hunk.txt',
+        '@@',
+        ' Header',
+        '-Section A',
+        '+Section A (updated)',
+        ' Section B',
+        ' Footer',
+        '@@',
+        ' Header',
+        ' Section A (updated)',
+        '-Section B',
+        '+Section B (updated)',
+        ' Footer',
+        '*** End Patch'
+      ].join('\n');
+      const deleteBasic = [
+        '*** Begin Patch',
+        '*** Delete File: .apply_patch_basic_add.txt',
+        '*** End Patch'
+      ].join('\n');
+      const deleteEscapeChars = [
+        '*** Begin Patch',
+        '*** Delete File: .apply_patch_escape_chars.txt',
+        '*** End Patch'
+      ].join('\n');
+      const deleteMulti = [
+        '*** Begin Patch',
+        '*** Delete File: .apply_patch_multi_hunk.txt',
+        '*** End Patch'
+      ].join('\n');
+
+      const cases = [
+        ['seq_basic_add_text', addBasic],
+        ['seq_basic_update_text', updateBasic],
+        ['seq_basic_append_text', appendBasic],
+        ['seq_escape_chars_text', addEscapeChars],
+        ['seq_multi_add_text', addMulti],
+        ['seq_multi_update_text', updateMulti],
+        ['seq_basic_delete_text', deleteBasic],
+        ['seq_escape_chars_delete_text', deleteEscapeChars],
+        ['seq_multi_delete_text', deleteMulti]
+      ];
+
+      for (const [label, patchText] of cases) {
+        await runApplyPatchArgsCase(label, patchText);
+        await runApplyPatchArgsCase(
+          `${label}_json`,
+          JSON.stringify({ patch: patchText, input: patchText })
+        );
+        await runApplyPatchArgsCase(
+          `${label}_json_escaped_newlines`,
+          JSON.stringify({ patch: escapeNewlines(patchText), input: escapeNewlines(patchText) })
+        );
+      }
+    }
+
+    // Regression: tolerate <arg_key>/<arg_value> artifacts stitched into patch strings.
+    // Some upstream providers may leak XML-like markup into JSON string fields.
+    {
+      const patchText = [
+        '*** Begin Patch',
+        '*** Delete File: .apply_patch_escape_test.txt',
+        '*** End Patch'
+      ].join('\n');
+      const injected = `${patchText}</arg_key><arg_value>input</arg_key><arg_value>${patchText}`;
+      const argsString = JSON.stringify({ patch: injected });
+      const validation = validateToolCall('apply_patch', argsString);
+      if (!validation?.ok) {
+        throw new Error(
+          `[verify-apply-patch] arg_key_artifacts: validateToolCall failed with reason=${validation?.reason}`
+        );
+      }
+      const parsed = JSON.parse(validation.normalizedArgs);
+      const normalizedPatchText =
+        typeof parsed?.patch === 'string'
+          ? parsed.patch
+          : typeof parsed?.input === 'string'
+            ? parsed.input
+            : '';
+      if (normalizedPatchText.includes('</arg_key><arg_value>')) {
+        throw new Error('[verify-apply-patch] arg_key_artifacts: patch still contains arg_key artifacts');
+      }
+      if (parsed?.patch !== parsed?.input) {
+        throw new Error('[verify-apply-patch] arg_key_artifacts: patch/input mismatch after normalization');
+      }
+    }
+
+    // Regression: invalid JSON containers should be classified as invalid_json (not missing_changes).
+    {
+      const invalidJson = '{"file":"a.ts","changes":[{"kind":"create_file","lines":["x"],"file</arg_key><arg_value>a.ts"}]}';
+      const validation = validateToolCall('apply_patch', invalidJson);
+      if (validation?.ok || validation?.reason !== 'invalid_json') {
+        throw new Error(
+          `[verify-apply-patch] invalid_json: expected invalid_json reason, got ok=${validation?.ok} reason=${validation?.reason}`
+        );
+      }
+    }
+
+    // Regression: patches can contain ``` blocks inside file content; do not treat them as outer fences.
+    {
+      const patchText = [
+        '*** Begin Patch',
+        '*** Add File: src/demo-codefence.md',
+        '+```json',
+        '+{\"ok\":true}',
+        '+```',
+        '*** End Patch'
+      ].join('\n');
+      const validation = validateToolCall('apply_patch', patchText);
+      if (!validation?.ok) {
+        throw new Error(
+          `[verify-apply-patch] inner_codefence: validateToolCall failed with reason=${validation?.reason}`
+        );
+      }
+      const parsed = JSON.parse(validation.normalizedArgs);
+      const normalizedPatchText =
+        typeof parsed?.patch === 'string'
+          ? parsed.patch
+          : typeof parsed?.input === 'string'
+            ? parsed.input
+            : '';
+      if (!normalizedPatchText.startsWith('*** Begin Patch')) {
+        throw new Error('[verify-apply-patch] inner_codefence: patch lost *** Begin Patch header');
+      }
+      if (!normalizedPatchText.includes('*** Add File: src/demo-codefence.md')) {
+        throw new Error('[verify-apply-patch] inner_codefence: missing Add File header');
+      }
+      if (!normalizedPatchText.includes('+```json') || !normalizedPatchText.includes('+```')) {
+        throw new Error('[verify-apply-patch] inner_codefence: missing fenced lines inside patch');
+      }
+    }
+
+    // Regression: tolerate newline-escaped snippets inside structured payload fields.
+    // Some models/clients double-escape multi-line anchors/targets (e.g. "\\n  ").
+    {
+      const structuredArgs = JSON.stringify({
+        file: 'src/demo-escaped-snippet.ts',
+        changes: [
+          {
+            kind: 'replace',
+            target: 'const alpha = 1;\\n  const beta = 2;',
+            lines: ['const alpha = 1;', '  const beta = 3;']
+          }
+        ]
+      });
+      const validation = validateToolCall('apply_patch', structuredArgs);
+      if (!validation?.ok) {
+        throw new Error(
+          `[verify-apply-patch] escaped_structured_snippet: validateToolCall failed with reason=${validation?.reason}`
+        );
+      }
+      const parsed = JSON.parse(validation.normalizedArgs);
+      const patchText =
+        typeof parsed?.patch === 'string'
+          ? parsed.patch
+          : typeof parsed?.input === 'string'
+            ? parsed.input
+            : '';
+      if (!patchText) {
+        throw new Error('[verify-apply-patch] escaped_structured_snippet: missing patch text in normalized args');
+      }
+      if (patchText.includes('const alpha = 1;\\n') || patchText.includes('\\n  const beta = 2;')) {
+        throw new Error('[verify-apply-patch] escaped_structured_snippet: patch still contains literal \\\\n in target');
+      }
+      if (!patchText.includes('-const alpha = 1;') || !patchText.includes('-  const beta = 2;')) {
+        throw new Error('[verify-apply-patch] escaped_structured_snippet: expected multi-line "-" target not found');
+      }
+    }
+
     const plainJson = JSON.stringify({
       file: 'src/demo.ts',
       changes: [
@@ -136,11 +468,9 @@ async function main() {
 
     console.log('✅ verify-apply-patch: text→tool_calls pipeline passed');
   } catch (error) {
-    console.error(error);
-    console.error(
-      '❌ verify-apply-patch 失败:',
-      error instanceof Error ? error.message : String(error ?? 'Unknown error')
-    );
+    const msg = error instanceof Error ? (error.stack || error.message) : String(error ?? 'Unknown error');
+    console.error(chalkError(msg));
+    console.error(chalkError(`❌ verify-apply-patch 失败: ${error instanceof Error ? error.message : String(error ?? 'Unknown error')}`));
     process.exit(1);
   }
 }

package/scripts/verify-e2e-toolcall.mjs

@@ -29,6 +29,24 @@ const AGENTS_INSTRUCTIONS = (() => {
   }
 })();
 
+function readServerApiKeyFromConfig(configPath) {
+  try {
+    const raw = fs.readFileSync(configPath, 'utf8');
+    const json = raw && raw.trim() ? JSON.parse(raw) : {};
+    const apikey = json?.httpserver?.apikey;
+    return typeof apikey === 'string' && apikey.trim() ? apikey.trim() : '';
+  } catch {
+    return '';
+  }
+}
+
+function buildAuthHeaders(serverApiKey) {
+  if (!serverApiKey) {
+    return {};
+  }
+  return { 'x-api-key': serverApiKey };
+}
+
 async function main() {
   if (!VERIFY_CONFIG) {
     console.error('❌ ROUTECODEX_VERIFY_CONFIG 未设置，无法运行端到端校验');
@@ -36,6 +54,8 @@ async function main() {
   }
 
   console.log(`[verify:e2e-toolcall] 使用配置: ${VERIFY_CONFIG}`);
+  const serverApiKey = readServerApiKeyFromConfig(VERIFY_CONFIG);
+  const authHeaders = buildAuthHeaders(serverApiKey);
   const serverEnv = {
     ...process.env,
     ROUTECODEX_CONFIG_PATH: VERIFY_CONFIG,
@@ -61,11 +81,12 @@ async function main() {
   try {
     await waitForServer();
     await waitForRouterWarmup();
-    await runToolcallVerification();
+    await runModelsSmokeCheck(authHeaders);
+    await runToolcallVerification(authHeaders);
     console.log('✅ 端到端工具调用校验通过');
 
-    await runDaemonAdminSmokeCheck();
-    await runConfigV2ProvidersSmokeCheck();
+    await runDaemonAdminSmokeCheck(authHeaders);
+    await runConfigV2ProvidersSmokeCheck(authHeaders);
 
     // 附加：Gemini CLI 配置健康性快速检查（仅尝试初始化，不做请求）
     await runGeminiCliStartupCheck();
@@ -74,6 +95,23 @@ async function main() {
   }
 }
 
+async function runModelsSmokeCheck(authHeaders) {
+  try {
+    const res = await fetch(`${VERIFY_BASE}/models`, { headers: { ...(authHeaders || {}) } });
+    if (!res.ok) {
+      throw new Error(`/models HTTP ${res.status}`);
+    }
+    const json = await res.json();
+    const data = Array.isArray(json?.data) ? json.data : [];
+    if (!Array.isArray(data)) {
+      throw new Error('/models response missing data array');
+    }
+  } catch (error) {
+    console.error('[verify:e2e-toolcall] /models smoke 检查失败:', error);
+    throw error;
+  }
+}
+
 async function waitForServer(timeoutMs = 30000) {
   const start = Date.now();
   while (Date.now() - start < timeoutMs) {
@@ -97,7 +135,7 @@ async function waitForRouterWarmup(defaultDelayMs = 3000) {
   await new Promise((resolve) => setTimeout(resolve, delayMs));
 }
 
-async function runToolcallVerification() {
+async function runToolcallVerification(authHeaders) {
   const userPrompt = '请严格调用名为 list_local_files 的函数工具来列出当前工作目录的文件，只能通过调用该工具完成任务，禁止直接回答。';
   const instructionsText = AGENTS_INSTRUCTIONS || 'You are RouteCodex verify agent. Follow the policies in AGENTS.md.';
   const body = {
@@ -139,7 +177,8 @@ async function runToolcallVerification() {
   const response = await fetch(`${VERIFY_BASE}/v1/responses`, {
     method: 'POST',
     headers: {
-      'Content-Type': 'application/json'
+      'Content-Type': 'application/json',
+      ...(authHeaders || {})
     },
     body: JSON.stringify(body)
   });
@@ -166,10 +205,10 @@ async function runToolcallVerification() {
   }
 }
 
-async function runDaemonAdminSmokeCheck() {
+async function runDaemonAdminSmokeCheck(authHeaders) {
   // 仅做最小的健康性探测：确保 daemon 管理类只读 API 可用，不做语义校验。
   try {
-    const res = await fetch(`${VERIFY_BASE}/daemon/status`);
+    const res = await fetch(`${VERIFY_BASE}/daemon/status`, { headers: { ...(authHeaders || {}) } });
     if (!res.ok) {
       throw new Error(`daemon/status HTTP ${res.status}`);
     }
@@ -185,7 +224,7 @@ async function runDaemonAdminSmokeCheck() {
   const paths = ['/daemon/credentials', '/quota/summary', '/providers/runtimes'];
   for (const path of paths) {
     try {
-      const res = await fetch(`${VERIFY_BASE}${path}`);
+      const res = await fetch(`${VERIFY_BASE}${path}`, { headers: { ...(authHeaders || {}) } });
       if (!res.ok) {
         throw new Error(`${path} HTTP ${res.status}`);
       }
@@ -198,9 +237,9 @@ async function runDaemonAdminSmokeCheck() {
   }
 }
 
-async function runConfigV2ProvidersSmokeCheck() {
+async function runConfigV2ProvidersSmokeCheck(authHeaders) {
   try {
-    const res = await fetch(`${VERIFY_BASE}/config/providers/v2`);
+    const res = await fetch(`${VERIFY_BASE}/config/providers/v2`, { headers: { ...(authHeaders || {}) } });
     if (!res.ok) {
       throw new Error(`/config/providers/v2 HTTP ${res.status}`);
     }