@juspay/neurolink 9.37.0 → 9.39.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +12 -0
- package/dist/browser/neurolink.min.js +566 -515
- package/dist/lib/models/anthropicModels.d.ts +3 -1
- package/dist/lib/models/anthropicModels.js +37 -1
- package/dist/lib/processors/media/VideoProcessor.d.ts +8 -2
- package/dist/lib/processors/media/VideoProcessor.js +90 -41
- package/dist/lib/providers/anthropic.js +38 -6
- package/dist/lib/server/routes/claudeProxyRoutes.js +187 -13
- package/dist/lib/telemetry/telemetryService.d.ts +1 -1
- package/dist/lib/telemetry/telemetryService.js +27 -13
- package/dist/models/anthropicModels.d.ts +3 -1
- package/dist/models/anthropicModels.js +37 -1
- package/dist/processors/media/VideoProcessor.d.ts +8 -2
- package/dist/processors/media/VideoProcessor.js +90 -41
- package/dist/providers/anthropic.js +38 -6
- package/dist/server/routes/claudeProxyRoutes.js +187 -13
- package/dist/telemetry/telemetryService.d.ts +1 -1
- package/dist/telemetry/telemetryService.js +27 -13
- package/package.json +7 -7
- package/dist/processors/media/ffprobe-static.d.ts +0 -4
|
@@ -10,8 +10,9 @@
|
|
|
10
10
|
* The extracted content is formatted as text + images that can be sent to any
|
|
11
11
|
* AI provider for analysis.
|
|
12
12
|
*
|
|
13
|
-
* Uses
|
|
14
|
-
*
|
|
13
|
+
* Uses mediabunny (pure TypeScript) for metadata extraction, with fluent-ffmpeg
|
|
14
|
+
* as a fallback for unsupported formats. Requires ffmpeg for keyframe/subtitle
|
|
15
|
+
* extraction (via ffmpeg-static or system PATH).
|
|
15
16
|
*
|
|
16
17
|
* Key features:
|
|
17
18
|
* - Adaptive keyframe extraction intervals based on video duration
|
|
@@ -42,10 +43,10 @@
|
|
|
42
43
|
* }
|
|
43
44
|
* ```
|
|
44
45
|
*/
|
|
45
|
-
/// <reference path="./ffprobe-static.d.ts" />
|
|
46
46
|
import { randomUUID } from "crypto";
|
|
47
47
|
import ffmpegCommand from "fluent-ffmpeg";
|
|
48
48
|
import { createWriteStream, existsSync, promises as fs } from "fs";
|
|
49
|
+
import { Input, FilePathSource, ALL_FORMATS } from "mediabunny";
|
|
49
50
|
import { tmpdir } from "os";
|
|
50
51
|
import { join } from "path";
|
|
51
52
|
import { Readable } from "stream";
|
|
@@ -64,8 +65,12 @@ import { logger } from "../../utils/logger.js";
|
|
|
64
65
|
*/
|
|
65
66
|
let ffmpegPathInitialized = false;
|
|
66
67
|
/**
|
|
67
|
-
* Initialize ffmpeg
|
|
68
|
-
* Tries ffmpeg-static
|
|
68
|
+
* Initialize ffmpeg binary paths.
|
|
69
|
+
* Tries ffmpeg-static first, falls back to system binary in PATH.
|
|
70
|
+
*
|
|
71
|
+
* Note: ffprobe-static has been removed. Metadata probing now uses mediabunny
|
|
72
|
+
* (pure TypeScript) as the primary method, with ffprobe as a fallback only when
|
|
73
|
+
* mediabunny cannot handle the format (e.g., AVI, FLV).
|
|
69
74
|
*
|
|
70
75
|
* This is called lazily on the first processFile() invocation so that the module
|
|
71
76
|
* can be imported without side effects.
|
|
@@ -91,27 +96,6 @@ async function initFfmpegPaths() {
|
|
|
91
96
|
catch {
|
|
92
97
|
// Use system ffmpeg (already in PATH)
|
|
93
98
|
}
|
|
94
|
-
// Try ffprobe-static first, fall back to system ffprobe
|
|
95
|
-
try {
|
|
96
|
-
const ffprobeStatic = (await import("ffprobe-static"));
|
|
97
|
-
// Direct path property (CommonJS default)
|
|
98
|
-
if (typeof ffprobeStatic["path"] === "string" &&
|
|
99
|
-
existsSync(ffprobeStatic["path"])) {
|
|
100
|
-
ffmpegCommand.setFfprobePath(ffprobeStatic["path"]);
|
|
101
|
-
}
|
|
102
|
-
else if (ffprobeStatic["default"] &&
|
|
103
|
-
typeof ffprobeStatic["default"] === "object" &&
|
|
104
|
-
typeof ffprobeStatic["default"]["path"] ===
|
|
105
|
-
"string") {
|
|
106
|
-
const probePath = ffprobeStatic["default"]["path"];
|
|
107
|
-
if (existsSync(probePath)) {
|
|
108
|
-
ffmpegCommand.setFfprobePath(probePath);
|
|
109
|
-
}
|
|
110
|
-
}
|
|
111
|
-
}
|
|
112
|
-
catch {
|
|
113
|
-
// Use system ffprobe (already in PATH)
|
|
114
|
-
}
|
|
115
99
|
}
|
|
116
100
|
// =============================================================================
|
|
117
101
|
// CONSTANTS
|
|
@@ -372,23 +356,33 @@ export class VideoProcessor extends BaseFileProcessor {
|
|
|
372
356
|
const extension = this.getExtensionFromFileInfo(fileInfo);
|
|
373
357
|
const tempVideoPath = join(tempDir, `input${extension}`);
|
|
374
358
|
await this.writeBufferToFile(buffer, tempVideoPath);
|
|
375
|
-
// Step 4: Extract metadata
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
359
|
+
// Step 4: Extract metadata — try mediabunny first (pure TS, no binary),
|
|
360
|
+
// fall back to ffprobe for formats mediabunny doesn't support (AVI, FLV, WMV).
|
|
361
|
+
let metadata;
|
|
362
|
+
const mediabunnyResult = await this.probeVideoWithMediabunny(tempVideoPath);
|
|
363
|
+
if (mediabunnyResult.success && mediabunnyResult.data) {
|
|
364
|
+
metadata = { ...mediabunnyResult.data, fileSize: buffer.length };
|
|
365
|
+
}
|
|
366
|
+
else {
|
|
367
|
+
// Fall back to ffprobe (requires system ffprobe to be available)
|
|
368
|
+
const probeResult = await this.probeVideo(tempVideoPath);
|
|
369
|
+
if (probeResult.success && probeResult.data) {
|
|
370
|
+
metadata = this.buildMetadata(probeResult.data, buffer.length);
|
|
371
|
+
}
|
|
372
|
+
}
|
|
373
|
+
if (!metadata) {
|
|
374
|
+
metadata = {
|
|
375
|
+
duration: 0,
|
|
376
|
+
durationFormatted: "unknown",
|
|
377
|
+
width: 0,
|
|
378
|
+
height: 0,
|
|
379
|
+
codec: "unknown",
|
|
380
|
+
fps: 0,
|
|
381
|
+
bitrate: 0,
|
|
382
|
+
subtitleTracks: 0,
|
|
383
|
+
fileSize: buffer.length,
|
|
388
384
|
};
|
|
389
385
|
}
|
|
390
|
-
const probeData = probeResult.data;
|
|
391
|
-
const metadata = this.buildMetadata(probeData, buffer.length);
|
|
392
386
|
// Record video-specific metadata on span
|
|
393
387
|
span.setAttribute(ATTR.VIDEO_DURATION_SEC, metadata.duration);
|
|
394
388
|
span.setAttribute(ATTR.VIDEO_WIDTH, metadata.width);
|
|
@@ -494,6 +488,61 @@ export class VideoProcessor extends BaseFileProcessor {
|
|
|
494
488
|
});
|
|
495
489
|
});
|
|
496
490
|
}
|
|
491
|
+
/**
|
|
492
|
+
* Probe a video file using mediabunny (pure TypeScript, no native binary).
|
|
493
|
+
* Falls back to ffprobe if mediabunny fails or doesn't support the format.
|
|
494
|
+
*/
|
|
495
|
+
async probeVideoWithMediabunny(filePath) {
|
|
496
|
+
let input;
|
|
497
|
+
try {
|
|
498
|
+
input = new Input({
|
|
499
|
+
source: new FilePathSource(filePath),
|
|
500
|
+
formats: [...ALL_FORMATS],
|
|
501
|
+
});
|
|
502
|
+
const duration = await input.computeDuration();
|
|
503
|
+
const videoTrack = await input.getPrimaryVideoTrack();
|
|
504
|
+
const audioTrack = await input.getPrimaryAudioTrack();
|
|
505
|
+
const allTracks = await input.getTracks();
|
|
506
|
+
const subtitleTracks = allTracks.filter((t) => !t.isVideoTrack() && !t.isAudioTrack());
|
|
507
|
+
// Get FPS from video track packet stats (sample a small number of packets)
|
|
508
|
+
let fps = 0;
|
|
509
|
+
if (videoTrack) {
|
|
510
|
+
try {
|
|
511
|
+
const stats = await videoTrack.computePacketStats(120);
|
|
512
|
+
fps = Math.round(stats.averagePacketRate * 100) / 100;
|
|
513
|
+
}
|
|
514
|
+
catch {
|
|
515
|
+
// FPS unavailable — non-fatal
|
|
516
|
+
}
|
|
517
|
+
}
|
|
518
|
+
return {
|
|
519
|
+
success: true,
|
|
520
|
+
data: {
|
|
521
|
+
duration: duration ?? 0,
|
|
522
|
+
durationFormatted: this.formatDuration(duration ?? 0),
|
|
523
|
+
width: videoTrack?.displayWidth ?? 0,
|
|
524
|
+
height: videoTrack?.displayHeight ?? 0,
|
|
525
|
+
codec: videoTrack?.codec ?? "unknown",
|
|
526
|
+
fps,
|
|
527
|
+
bitrate: 0,
|
|
528
|
+
audioCodec: audioTrack?.codec ?? undefined,
|
|
529
|
+
audioChannels: audioTrack?.numberOfChannels,
|
|
530
|
+
audioSampleRate: audioTrack?.sampleRate,
|
|
531
|
+
subtitleTracks: subtitleTracks.length,
|
|
532
|
+
fileSize: 0,
|
|
533
|
+
},
|
|
534
|
+
};
|
|
535
|
+
}
|
|
536
|
+
catch (error) {
|
|
537
|
+
return {
|
|
538
|
+
success: false,
|
|
539
|
+
error: `mediabunny failed: ${error instanceof Error ? error.message : String(error)}`,
|
|
540
|
+
};
|
|
541
|
+
}
|
|
542
|
+
finally {
|
|
543
|
+
input?.dispose();
|
|
544
|
+
}
|
|
545
|
+
}
|
|
497
546
|
/**
|
|
498
547
|
* Build a structured metadata object from ffprobe data.
|
|
499
548
|
*
|
|
@@ -140,7 +140,24 @@ const detectSubscriptionTier = (oauthToken) => {
|
|
|
140
140
|
* OAuth takes precedence over API key if both are available.
|
|
141
141
|
*/
|
|
142
142
|
const detectAuthMethod = (oauthToken) => {
|
|
143
|
-
//
|
|
143
|
+
// Explicit env var takes highest precedence — allows forcing api_key mode
|
|
144
|
+
// even when OAuth credentials exist (e.g., when using a proxy that handles auth)
|
|
145
|
+
const explicit = process.env.ANTHROPIC_AUTH_METHOD?.toLowerCase();
|
|
146
|
+
if (explicit === "api_key" || explicit === "apikey") {
|
|
147
|
+
logger.debug("[detectAuthMethod] Forced to api_key by ANTHROPIC_AUTH_METHOD env var");
|
|
148
|
+
return "api_key";
|
|
149
|
+
}
|
|
150
|
+
if (explicit === "oauth") {
|
|
151
|
+
if (oauthToken) {
|
|
152
|
+
logger.debug("[detectAuthMethod] Forced to oauth by ANTHROPIC_AUTH_METHOD env var");
|
|
153
|
+
return "oauth";
|
|
154
|
+
}
|
|
155
|
+
logger.warn("[detectAuthMethod] ANTHROPIC_AUTH_METHOD=oauth but no OAuth token found; falling through to auto-detection");
|
|
156
|
+
}
|
|
157
|
+
else if (explicit) {
|
|
158
|
+
logger.warn("[detectAuthMethod] Unrecognized ANTHROPIC_AUTH_METHOD value; falling through to auto-detection", { value: explicit });
|
|
159
|
+
}
|
|
160
|
+
// Auto-detect: OAuth takes precedence if available
|
|
144
161
|
const method = oauthToken ? "oauth" : "api_key";
|
|
145
162
|
logger.debug("[detectAuthMethod] Auth method resolved", {
|
|
146
163
|
method,
|
|
@@ -200,11 +217,22 @@ export class AnthropicProvider extends BaseProvider {
|
|
|
200
217
|
constructor(modelName, sdk, config) {
|
|
201
218
|
// Pre-compute effective model with tier validation before calling super
|
|
202
219
|
const oauthToken = config?.oauthToken ?? getOAuthToken();
|
|
203
|
-
|
|
220
|
+
// Resolve auth method FIRST so that tier detection uses the chosen method.
|
|
221
|
+
// If ANTHROPIC_AUTH_METHOD=api_key wins over an existing OAuth token, the
|
|
222
|
+
// tier must reflect api_key mode (full model access) rather than the OAuth
|
|
223
|
+
// token's subscription level.
|
|
224
|
+
const authMethod = config?.authMethod ?? detectAuthMethod(oauthToken);
|
|
225
|
+
const subscriptionTier = config?.subscriptionTier ??
|
|
226
|
+
(authMethod === "oauth" ? detectSubscriptionTier(oauthToken) : "api");
|
|
204
227
|
const targetModel = modelName || getDefaultAnthropicModel();
|
|
205
|
-
// Determine effective model based on tier access
|
|
228
|
+
// Determine effective model based on tier access.
|
|
229
|
+
// Skip tier validation when a proxy is in use (ANTHROPIC_BASE_URL is set)
|
|
230
|
+
// — the proxy handles model access and auth, so the SDK should pass
|
|
231
|
+
// the requested model through without downgrading.
|
|
206
232
|
let effectiveModel = targetModel;
|
|
207
|
-
|
|
233
|
+
const usingProxy = !!process.env.ANTHROPIC_BASE_URL;
|
|
234
|
+
if (!usingProxy &&
|
|
235
|
+
subscriptionTier !== "api" &&
|
|
208
236
|
!isModelAvailableForTier(targetModel, subscriptionTier)) {
|
|
209
237
|
effectiveModel = getRecommendedModelForTier(subscriptionTier);
|
|
210
238
|
logger.warn("Model not available for subscription tier, using recommended model", {
|
|
@@ -219,8 +247,8 @@ export class AnthropicProvider extends BaseProvider {
|
|
|
219
247
|
// Store computed values
|
|
220
248
|
this.oauthToken = oauthToken;
|
|
221
249
|
this.subscriptionTier = subscriptionTier;
|
|
222
|
-
//
|
|
223
|
-
this.authMethod =
|
|
250
|
+
// Use the auth method already resolved above (before tier computation)
|
|
251
|
+
this.authMethod = authMethod;
|
|
224
252
|
// Build headers based on auth method and subscription tier
|
|
225
253
|
const headers = this.getAuthHeaders();
|
|
226
254
|
// Create Anthropic instance based on auth method
|
|
@@ -348,6 +376,10 @@ export class AnthropicProvider extends BaseProvider {
|
|
|
348
376
|
* ```
|
|
349
377
|
*/
|
|
350
378
|
validateModelAccess(model) {
|
|
379
|
+
// Proxy mode: bypass tier validation entirely — the proxy handles model access
|
|
380
|
+
if (process.env.ANTHROPIC_BASE_URL) {
|
|
381
|
+
return true;
|
|
382
|
+
}
|
|
351
383
|
// API tier has access to all models
|
|
352
384
|
if (this.subscriptionTier === "api") {
|
|
353
385
|
return true;
|
|
@@ -9,6 +9,9 @@
|
|
|
9
9
|
* provider/model pairs (e.g. "claude-sonnet-4-20250514" -> vertex/gemini-2.5-pro).
|
|
10
10
|
* Without a router, models are passed through to the Anthropic provider.
|
|
11
11
|
*/
|
|
12
|
+
import { readFile, access } from "node:fs/promises";
|
|
13
|
+
import { join } from "node:path";
|
|
14
|
+
import { homedir } from "node:os";
|
|
12
15
|
import { parseClaudeRequest, serializeClaudeResponse, ClaudeStreamSerializer, buildClaudeError, generateToolUseId, } from "../../proxy/claudeFormat.js";
|
|
13
16
|
import { logger } from "../../utils/logger.js";
|
|
14
17
|
import { recordRequest, recordSuccess, recordError, recordCooldown, } from "../../proxy/usageStats.js";
|
|
@@ -81,6 +84,127 @@ function advancePrimaryIfCurrent(accountKey, enabledCount, primaryAccountKey) {
|
|
|
81
84
|
primaryAccountIndex = (primaryAccountIndex + 1) % enabledCount;
|
|
82
85
|
}
|
|
83
86
|
// ---------------------------------------------------------------------------
|
|
87
|
+
// OAuth polyfill helpers (extracted to reduce block nesting)
|
|
88
|
+
// ---------------------------------------------------------------------------
|
|
89
|
+
const snapshotCache = new Map();
|
|
90
|
+
const SNAPSHOT_CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
|
|
91
|
+
/**
|
|
92
|
+
* Load a header snapshot captured from a real Claude Code session and apply
|
|
93
|
+
* any headers the client didn't send. This makes non-Claude-Code requests
|
|
94
|
+
* (e.g. from Curator, custom apps) appear identical to Claude Code.
|
|
95
|
+
*/
|
|
96
|
+
async function applyHeaderSnapshot(headers, accountLabel) {
|
|
97
|
+
try {
|
|
98
|
+
// Sanitize accountLabel to prevent directory traversal
|
|
99
|
+
const safeLabel = accountLabel.replace(/[^a-zA-Z0-9._@-]/g, "_");
|
|
100
|
+
// Check cache first
|
|
101
|
+
const cached = snapshotCache.get(safeLabel);
|
|
102
|
+
if (cached && Date.now() - cached.loadedAt < SNAPSHOT_CACHE_TTL_MS) {
|
|
103
|
+
for (const [sk, sv] of Object.entries(cached.headers)) {
|
|
104
|
+
const lower = sk.toLowerCase();
|
|
105
|
+
if (typeof sv === "string" &&
|
|
106
|
+
!headers[lower] &&
|
|
107
|
+
!BLOCKED_UPSTREAM_HEADERS.has(lower) &&
|
|
108
|
+
lower !== "authorization" &&
|
|
109
|
+
lower !== "x-api-key") {
|
|
110
|
+
headers[lower] = sv;
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
return;
|
|
114
|
+
}
|
|
115
|
+
const snapshotPath = join(homedir(), ".neurolink", "header-snapshots", `anthropic_${safeLabel}.json`);
|
|
116
|
+
try {
|
|
117
|
+
await access(snapshotPath);
|
|
118
|
+
}
|
|
119
|
+
catch {
|
|
120
|
+
return;
|
|
121
|
+
}
|
|
122
|
+
const snapshot = JSON.parse(await readFile(snapshotPath, "utf8"));
|
|
123
|
+
if (!snapshot.headers) {
|
|
124
|
+
return;
|
|
125
|
+
}
|
|
126
|
+
// Store in cache
|
|
127
|
+
snapshotCache.set(safeLabel, {
|
|
128
|
+
headers: snapshot.headers,
|
|
129
|
+
loadedAt: Date.now(),
|
|
130
|
+
});
|
|
131
|
+
for (const [sk, sv] of Object.entries(snapshot.headers)) {
|
|
132
|
+
const lower = sk.toLowerCase();
|
|
133
|
+
if (typeof sv === "string" &&
|
|
134
|
+
!headers[lower] &&
|
|
135
|
+
!BLOCKED_UPSTREAM_HEADERS.has(lower) &&
|
|
136
|
+
lower !== "authorization" &&
|
|
137
|
+
lower !== "x-api-key") {
|
|
138
|
+
headers[lower] = sv;
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
}
|
|
142
|
+
catch {
|
|
143
|
+
// Snapshot missing or corrupt — continue without it
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
/**
|
|
147
|
+
* Polyfill the request body for OAuth accounts.
|
|
148
|
+
* Claude Code injects a billing header, agent block, and metadata.user_id
|
|
149
|
+
* into the body. Non-CC clients (Curator, custom apps) don't send these —
|
|
150
|
+
* Anthropic rejects without them.
|
|
151
|
+
*/
|
|
152
|
+
function polyfillOAuthBody(bodyStr, accountToken) {
|
|
153
|
+
try {
|
|
154
|
+
const parsed = JSON.parse(bodyStr);
|
|
155
|
+
// Billing header block (required by Anthropic for OAuth)
|
|
156
|
+
const randomHex = Math.random().toString(16).substring(2, 5);
|
|
157
|
+
const billingBlock = {
|
|
158
|
+
type: "text",
|
|
159
|
+
text: `x-anthropic-billing-header: cc_version=2.1.86.${randomHex}; cc_entrypoint=cli; cch=proxy;`,
|
|
160
|
+
};
|
|
161
|
+
const agentBlock = {
|
|
162
|
+
type: "text",
|
|
163
|
+
text: "You are a Claude agent, built on Anthropic's Claude Agent SDK.",
|
|
164
|
+
};
|
|
165
|
+
// Normalise system to array and prepend billing + agent
|
|
166
|
+
if (parsed.system) {
|
|
167
|
+
if (typeof parsed.system === "string") {
|
|
168
|
+
parsed.system = [{ type: "text", text: parsed.system }];
|
|
169
|
+
}
|
|
170
|
+
if (Array.isArray(parsed.system)) {
|
|
171
|
+
const hasBilling = parsed.system.some((b) => typeof b.text === "string" &&
|
|
172
|
+
b.text.includes("x-anthropic-billing-header"));
|
|
173
|
+
const hasAgent = parsed.system.some((b) => typeof b.text === "string" && b.text.includes("Claude Agent SDK"));
|
|
174
|
+
const toInsert = [];
|
|
175
|
+
if (!hasBilling) {
|
|
176
|
+
toInsert.push(billingBlock);
|
|
177
|
+
}
|
|
178
|
+
if (!hasAgent) {
|
|
179
|
+
toInsert.push(agentBlock);
|
|
180
|
+
}
|
|
181
|
+
if (toInsert.length > 0) {
|
|
182
|
+
parsed.system = [...toInsert, ...parsed.system];
|
|
183
|
+
}
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
else {
|
|
187
|
+
parsed.system = [billingBlock, agentBlock];
|
|
188
|
+
}
|
|
189
|
+
// Inject metadata.user_id (required for OAuth)
|
|
190
|
+
if (!parsed.metadata?.user_id) {
|
|
191
|
+
const tokenPrefix = accountToken.substring(0, Math.min(20, accountToken.length));
|
|
192
|
+
const hash = Array.from(new TextEncoder().encode(tokenPrefix))
|
|
193
|
+
.reduce((a, b) => ((a << 5) - a + b) | 0, 0)
|
|
194
|
+
.toString(16)
|
|
195
|
+
.replace("-", "");
|
|
196
|
+
parsed.metadata = {
|
|
197
|
+
...parsed.metadata,
|
|
198
|
+
user_id: `proxy-${hash}`,
|
|
199
|
+
};
|
|
200
|
+
}
|
|
201
|
+
return JSON.stringify(parsed);
|
|
202
|
+
}
|
|
203
|
+
catch {
|
|
204
|
+
return bodyStr; // JSON parse failed — use original body
|
|
205
|
+
}
|
|
206
|
+
}
|
|
207
|
+
// ---------------------------------------------------------------------------
|
|
84
208
|
// Legacy credential refresh helper (extracted to reduce block nesting)
|
|
85
209
|
// ---------------------------------------------------------------------------
|
|
86
210
|
async function tryLoadLegacyAccount(creds, legacyCredPath) {
|
|
@@ -158,17 +282,29 @@ export function createClaudeProxyRoutes(modelRouter, basePath = "", accountStrat
|
|
|
158
282
|
handler: async (ctx) => {
|
|
159
283
|
const body = ctx.body;
|
|
160
284
|
// 1. Validate
|
|
161
|
-
if (
|
|
285
|
+
if (typeof body?.model !== "string" ||
|
|
286
|
+
!Array.isArray(body?.messages)) {
|
|
162
287
|
return buildClaudeError(400, "Missing required fields: model, messages");
|
|
163
288
|
}
|
|
164
289
|
// 2. Resolve model via router (or pass through to anthropic)
|
|
290
|
+
// Guard: without a model router, only Claude models are allowed.
|
|
291
|
+
const modelLower = body.model.toLowerCase();
|
|
292
|
+
if (!modelRouter && !modelLower.startsWith("claude-")) {
|
|
293
|
+
return buildClaudeError(404, `Model '${body.model}' is not an Anthropic model. ` +
|
|
294
|
+
`The proxy only supports Claude models. ` +
|
|
295
|
+
`Use a model router to route non-Claude models to other providers.`);
|
|
296
|
+
}
|
|
165
297
|
const route = modelRouter?.resolve(body.model) ?? {
|
|
166
298
|
provider: "anthropic",
|
|
167
299
|
model: body.model,
|
|
168
300
|
};
|
|
169
301
|
try {
|
|
170
302
|
// 3. Route based on target provider
|
|
171
|
-
|
|
303
|
+
if (route.provider === null) {
|
|
304
|
+
return buildClaudeError(404, `Model '${body.model}' is not a Claude model. ` +
|
|
305
|
+
`Use a model router to route it to another provider.`);
|
|
306
|
+
}
|
|
307
|
+
const isClaudeTarget = route.provider === "anthropic";
|
|
172
308
|
if (isClaudeTarget) {
|
|
173
309
|
// ─── PASSTHROUGH MODE (Claude → Claude) ───────────────
|
|
174
310
|
const fs = await import("fs");
|
|
@@ -435,27 +571,54 @@ export function createClaudeProxyRoutes(modelRouter, basePath = "", accountStrat
|
|
|
435
571
|
headers["content-type"] = "application/json";
|
|
436
572
|
if (isOAuth) {
|
|
437
573
|
headers["authorization"] = `Bearer ${account.token}`;
|
|
574
|
+
delete headers["x-api-key"];
|
|
438
575
|
}
|
|
439
576
|
else {
|
|
440
577
|
headers["x-api-key"] = account.token;
|
|
441
578
|
delete headers["authorization"];
|
|
442
579
|
}
|
|
443
|
-
//
|
|
580
|
+
// Apply header snapshot defaults for OAuth accounts
|
|
581
|
+
if (isOAuth) {
|
|
582
|
+
await applyHeaderSnapshot(headers, account.label);
|
|
583
|
+
}
|
|
584
|
+
// Hard defaults for anything still missing
|
|
444
585
|
if (!headers["user-agent"]) {
|
|
445
|
-
headers["user-agent"] = "claude-cli/2.1.
|
|
586
|
+
headers["user-agent"] = "claude-cli/2.1.86 (external, cli)";
|
|
446
587
|
}
|
|
447
588
|
if (!headers["anthropic-version"]) {
|
|
448
589
|
headers["anthropic-version"] = "2023-06-01";
|
|
449
590
|
}
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
591
|
+
if (!headers["anthropic-dangerous-direct-browser-access"]) {
|
|
592
|
+
headers["anthropic-dangerous-direct-browser-access"] = "true";
|
|
593
|
+
}
|
|
594
|
+
// Manage anthropic-beta header based on auth type.
|
|
595
|
+
// OAuth requires specific betas; API-key must NOT carry them.
|
|
596
|
+
if (isOAuth) {
|
|
597
|
+
const existing = new Set((headers["anthropic-beta"] ?? "")
|
|
598
|
+
.split(",")
|
|
599
|
+
.map((s) => s.trim())
|
|
600
|
+
.filter(Boolean));
|
|
601
|
+
existing.add("oauth-2025-04-20");
|
|
602
|
+
existing.add("claude-code-20250219");
|
|
603
|
+
headers["anthropic-beta"] = [...existing].join(",");
|
|
454
604
|
}
|
|
455
|
-
else
|
|
456
|
-
|
|
457
|
-
|
|
605
|
+
else {
|
|
606
|
+
// Strip OAuth-specific betas that may have leaked from client
|
|
607
|
+
const cleaned = (headers["anthropic-beta"] ?? "")
|
|
608
|
+
.split(",")
|
|
609
|
+
.map((s) => s.trim())
|
|
610
|
+
.filter((s) => s && s !== "oauth-2025-04-20")
|
|
611
|
+
.join(",");
|
|
612
|
+
if (cleaned) {
|
|
613
|
+
headers["anthropic-beta"] = cleaned;
|
|
614
|
+
}
|
|
615
|
+
else {
|
|
616
|
+
delete headers["anthropic-beta"];
|
|
617
|
+
}
|
|
458
618
|
}
|
|
619
|
+
// Polyfill request body for OAuth accounts
|
|
620
|
+
const buildUpstreamBody = () => isOAuth ? polyfillOAuthBody(bodyStr, account.token) : bodyStr;
|
|
621
|
+
const finalBodyStr = buildUpstreamBody();
|
|
459
622
|
logger.always(`[proxy] → account=${account.label} (${account.type})`);
|
|
460
623
|
recordRequest(account.label, account.type);
|
|
461
624
|
// Log full request for debugging (written to ~/.neurolink/logs/proxy-debug-*.jsonl)
|
|
@@ -465,7 +628,7 @@ export function createClaudeProxyRoutes(modelRouter, basePath = "", accountStrat
|
|
|
465
628
|
response = await fetch(url, {
|
|
466
629
|
method: "POST",
|
|
467
630
|
headers,
|
|
468
|
-
body:
|
|
631
|
+
body: finalBodyStr,
|
|
469
632
|
signal: AbortSignal.timeout(UPSTREAM_FETCH_TIMEOUT_MS),
|
|
470
633
|
});
|
|
471
634
|
}
|
|
@@ -497,6 +660,7 @@ export function createClaudeProxyRoutes(modelRouter, basePath = "", accountStrat
|
|
|
497
660
|
}
|
|
498
661
|
else {
|
|
499
662
|
const date = new Date(retryAfter);
|
|
663
|
+
// eslint-disable-next-line max-depth
|
|
500
664
|
if (!Number.isNaN(date.getTime())) {
|
|
501
665
|
cooldownMs = Math.max(date.getTime() - Date.now(), 1000);
|
|
502
666
|
}
|
|
@@ -530,12 +694,14 @@ export function createClaudeProxyRoutes(modelRouter, basePath = "", accountStrat
|
|
|
530
694
|
authRetryError = `refresh failed for account=${account.label} attempt ${authRetry + 1}/${MAX_AUTH_RETRIES}: ${refreshSucceeded.error?.slice(0, 200) ?? "unknown"}`;
|
|
531
695
|
lastError = authRetryError;
|
|
532
696
|
logger.always(`[proxy] ⚠ account=${account.label} refresh failed on attempt ${authRetry + 1}`);
|
|
697
|
+
// eslint-disable-next-line max-depth
|
|
533
698
|
if (accountState.consecutiveRefreshFailures >=
|
|
534
699
|
MAX_CONSECUTIVE_REFRESH_FAILURES) {
|
|
535
700
|
await disableAccountUntilReauth(account, accountState);
|
|
536
701
|
authFailureMessage = formatReauthMessage(account.label);
|
|
537
702
|
break;
|
|
538
703
|
}
|
|
704
|
+
// eslint-disable-next-line max-depth
|
|
539
705
|
if (authRetry < MAX_AUTH_RETRIES - 1) {
|
|
540
706
|
await sleep(2000);
|
|
541
707
|
}
|
|
@@ -549,9 +715,10 @@ export function createClaudeProxyRoutes(modelRouter, basePath = "", accountStrat
|
|
|
549
715
|
const retryResp = await fetch(url, {
|
|
550
716
|
method: "POST",
|
|
551
717
|
headers,
|
|
552
|
-
body:
|
|
718
|
+
body: buildUpstreamBody(),
|
|
553
719
|
signal: AbortSignal.timeout(UPSTREAM_FETCH_TIMEOUT_MS),
|
|
554
720
|
});
|
|
721
|
+
// eslint-disable-next-line max-depth
|
|
555
722
|
if (retryResp.ok) {
|
|
556
723
|
authRetrySucceeded = true;
|
|
557
724
|
accountState.consecutiveRefreshFailures = 0;
|
|
@@ -647,6 +814,7 @@ export function createClaudeProxyRoutes(modelRouter, basePath = "", accountStrat
|
|
|
647
814
|
lastError = retryBody;
|
|
648
815
|
logger.debug(`[proxy] retry ${authRetry + 1} failed: ${retryStatus} ${retryBody.substring(0, 120)}`);
|
|
649
816
|
recordError(account.label, account.type, retryStatus);
|
|
817
|
+
// eslint-disable-next-line max-depth
|
|
650
818
|
if (retryStatus === 429) {
|
|
651
819
|
sawRateLimit = true;
|
|
652
820
|
const retryAfter = retryResp.headers.get("retry-after");
|
|
@@ -659,6 +827,7 @@ export function createClaudeProxyRoutes(modelRouter, basePath = "", accountStrat
|
|
|
659
827
|
recordCooldown(account.label, account.type, accountState.coolingUntil, accountState.backoffLevel);
|
|
660
828
|
break;
|
|
661
829
|
}
|
|
830
|
+
// eslint-disable-next-line max-depth
|
|
662
831
|
if (retryStatus === 401 ||
|
|
663
832
|
retryStatus === 402 ||
|
|
664
833
|
retryStatus === 403) {
|
|
@@ -668,12 +837,14 @@ export function createClaudeProxyRoutes(modelRouter, basePath = "", accountStrat
|
|
|
668
837
|
}
|
|
669
838
|
continue;
|
|
670
839
|
}
|
|
840
|
+
// eslint-disable-next-line max-depth
|
|
671
841
|
if (isTransientHttpFailure(retryStatus, retryBody)) {
|
|
672
842
|
// Decision 8: No cooldown for transient errors — rotate immediately
|
|
673
843
|
sawTransientFailure = true;
|
|
674
844
|
break;
|
|
675
845
|
}
|
|
676
846
|
logAttempt(retryStatus, "api_error", summarizeErrorMessage(retryBody));
|
|
847
|
+
// eslint-disable-next-line max-depth
|
|
677
848
|
try {
|
|
678
849
|
return JSON.parse(retryBody);
|
|
679
850
|
}
|
|
@@ -695,7 +866,9 @@ export function createClaudeProxyRoutes(modelRouter, basePath = "", accountStrat
|
|
|
695
866
|
}
|
|
696
867
|
}
|
|
697
868
|
if (!authRetrySucceeded) {
|
|
869
|
+
// eslint-disable-next-line max-depth
|
|
698
870
|
if (!accountState.permanentlyDisabled) {
|
|
871
|
+
// eslint-disable-next-line max-depth
|
|
699
872
|
if (!accountState.coolingUntil ||
|
|
700
873
|
accountState.coolingUntil <= Date.now()) {
|
|
701
874
|
accountState.coolingUntil =
|
|
@@ -953,6 +1126,7 @@ export function createClaudeProxyRoutes(modelRouter, basePath = "", accountStrat
|
|
|
953
1126
|
"anthropic-ratelimit-tokens-limit",
|
|
954
1127
|
]) {
|
|
955
1128
|
const val = response.headers.get(h);
|
|
1129
|
+
// eslint-disable-next-line max-depth
|
|
956
1130
|
if (val) {
|
|
957
1131
|
responseHeaders[h] = val;
|
|
958
1132
|
}
|