@juspay/neurolink 9.42.1 → 9.44.0

package/dist/lib/server/routes/claudeProxyRoutes.js

@@ -9,8 +9,7 @@
  * provider/model pairs (e.g. "claude-sonnet-4-20250514" -> vertex/gemini-2.5-pro).
  * Without a router, models are passed through to the Anthropic provider.
  */
-import { randomUUID } from "node:crypto";
-import { access, mkdir, readFile, rename, writeFile } from "node:fs/promises";
+import { access, readFile } from "node:fs/promises";
 import { homedir } from "node:os";
 import { join } from "node:path";
 import { buildStableClaudeCodeBillingHeader, CLAUDE_CLI_USER_AGENT, CLAUDE_CODE_OAUTH_BETAS, getOrCreateClaudeCodeIdentity, parseClaudeCodeUserId, } from "../../auth/anthropicOAuth.js";
@@ -21,6 +20,8 @@ import { createRawStreamCapture } from "../../proxy/rawStreamCapture.js";
 import { logBodyCapture, logRequest, logRequestAttempt, logStreamError, } from "../../proxy/requestLogger.js";
 import { createSSEInterceptor } from "../../proxy/sseInterceptor.js";
 import { needsRefresh, persistTokens, refreshToken, } from "../../proxy/tokenRefresh.js";
+import { applyRateLimitCooldownScope, buildProxyTranslationPlan, classifyClaudeProxyRequest, getActiveCooldownScope, partitionAccountsByCooldown, summarizeSkippedFallbacks, } from "../../proxy/routingPolicy.js";
+import { writeJsonSnapshotAtomically } from "../../proxy/snapshotPersistence.js";
 import { recordAttempt, recordAttemptError, recordCooldown, recordFinalError, recordFinalSuccess, } from "../../proxy/usageStats.js";
 import { logger } from "../../utils/logger.js";
 import { ProviderHealthChecker } from "../../utils/providerHealth.js";
@@ -46,9 +47,10 @@ let primaryAccountIndex = 0;
 let lastKnownAccountCount = 0;
 const MAX_AUTH_RETRIES = 5;
 const MAX_CONSECUTIVE_REFRESH_FAILURES = 15;
+const MAX_TRANSIENT_SAME_ACCOUNT_RETRIES = 2;
+const TRANSIENT_SAME_ACCOUNT_RETRY_DELAYS_MS = [250, 1_000];
 /** Decision 8: Cooldowns only for 401 and 429. */
 const AUTH_COOLDOWN_MS = 5 * 60 * 1000; // 5 minutes for 401
-const RATE_LIMIT_BACKOFF_BASE_MS = 1000; // 1 second base for 429
 const RATE_LIMIT_BACKOFF_CAP_MS = 10 * 60 * 1000; // 10 minute cap for 429
 /** Timeout for upstream requests to Anthropic. Must be generous enough
  *  to cover the full lifecycle of streaming responses, including extended
@@ -220,11 +222,7 @@ function snapshotsMatch(existing, next) {
 }
 async function persistClaudeSnapshot(accountLabel, snapshot) {
     const snapshotPath = getSnapshotPath(accountLabel);
-    const dirPath = join(homedir(), ".neurolink", "header-snapshots");
-    await mkdir(dirPath, { recursive: true });
-    const tmpPath = `${snapshotPath}.${process.pid}.${randomUUID()}.tmp`;
-    await writeFile(tmpPath, JSON.stringify(snapshot, null, 2), { mode: 0o600 });
-    await rename(tmpPath, snapshotPath);
+    await writeJsonSnapshotAtomically(snapshotPath, snapshot, 0o600);
     snapshotCache.set(getSnapshotSafeLabel(accountLabel), {
         snapshot,
         loadedAt: Date.now(),
@@ -259,7 +257,19 @@ async function maybeRefreshClaudeSnapshot(accountLabel, accountKey, headers, bod
     if (snapshotsMatch(existing, next)) {
         return existing;
     }
-    await persistClaudeSnapshot(accountLabel, next);
+    try {
+        await persistClaudeSnapshot(accountLabel, next);
+    }
+    catch (error) {
+        logger.warn("[proxy] failed to persist Claude snapshot", {
+            accountLabel,
+            error: error instanceof Error ? error.message : String(error),
+        });
+        snapshotCache.set(getSnapshotSafeLabel(accountLabel), {
+            snapshot: next,
+            loadedAt: Date.now(),
+        });
+    }
     return next;
 }
 /**
@@ -398,10 +408,12 @@ async function handleTranslatedClaudeRequest(args) {
     const { ctx, body, route, modelRouter, tracer, requestStartTime, logProxyBody, } = args;
     tracer?.setMode("full");
     const parsed = parseClaudeRequest(body);
-    const attempts = buildProxyTranslationAttempts({
+    const plan = buildProxyTranslationPlan({
         provider: route.provider,
         model: route.model,
-    }, modelRouter, parsed);
+    }, modelRouter?.getFallbackChain() ?? [], body.model, parsed);
+    logProxyRoutingPlan(logProxyBody, "translated_request", plan);
+    const attempts = plan.attempts;
     if (body.stream) {
         return handleTranslatedClaudeStreamRequest({
             ctx,
@@ -422,6 +434,18 @@ async function handleTranslatedClaudeRequest(args) {
         logProxyBody,
     });
 }
+function logProxyRoutingPlan(logProxyBody, stage, plan) {
+    logProxyBody({
+        phase: "routing_decision",
+        contentType: "application/json",
+        body: {
+            stage,
+            requestProfile: plan.profile,
+            attempts: plan.attempts,
+            skipped: plan.skipped,
+        },
+    });
+}
 async function handleTranslatedClaudeStreamRequest(args) {
     const { ctx, body, attempts, parsed, tracer, requestStartTime } = args;
     const serializer = new ClaudeStreamSerializer(body.model, 0);
@@ -1302,18 +1326,33 @@ async function executeClaudeFallbackTranslation(args) {
     return clientResponse;
 }
 async function tryConfiguredClaudeFallbackChain(args) {
-    const { ctx, body, modelRouter, tracer, requestStartTime, logProxyBody, logFinalRequest, } = args;
-    const parsedFallbackRequest = parseClaudeRequest(body);
+    const { ctx, body, parsedFallbackRequest, requestProfile, modelRouter, tracer, requestStartTime, logProxyBody, logFinalRequest, } = args;
     const chain = modelRouter?.getFallbackChain() ?? [];
-    for (const fallback of chain) {
-        if (shouldSkipTranslationTarget(fallback.provider, fallback.model, parsedFallbackRequest)) {
-            logger.debug(`[proxy] skipping fallback ${fallback.provider}/${fallback.model}: incompatible with request shape`);
+    const fallbackPlan = buildProxyTranslationPlan({ provider: "anthropic", model: body.model }, chain, body.model, parsedFallbackRequest);
+    const fallbackPolicyReason = summarizeSkippedFallbacks(fallbackPlan);
+    logProxyBody({
+        phase: "routing_decision",
+        contentType: "application/json",
+        body: {
+            stage: "anthropic_fallback",
+            requestProfile,
+            attempts: fallbackPlan.attempts.slice(1),
+            skipped: fallbackPlan.skipped,
+        },
+    });
+    for (const skipped of fallbackPlan.skipped) {
+        const label = skipped.provider
+            ? `${skipped.provider}/${skipped.model ?? "unknown"}`
+            : "auto-provider";
+        logger.always(`[proxy] skipping fallback ${label}: ${skipped.reason}`);
+    }
+    for (const fallback of fallbackPlan.attempts.slice(1)) {
+        if (!fallback.provider || !fallback.model) {
             continue;
         }
         const availability = await ProviderHealthChecker.checkFallbackProviderAvailability(fallback.provider, fallback.model);
         if (!availability.available) {
-            logger.debug(`[proxy] skipping fallback ${fallback.provider}/${fallback.model}: ${availability.reason ?? "provider unavailable"}`);
-            continue;
+            logger.always(`[proxy] fallback ${fallback.provider}/${fallback.model} health-check failed (${availability.reason ?? "provider unavailable"}), attempting anyway`);
         }
         try {
             logger.always(`[proxy] fallback → ${fallback.provider}/${fallback.model}`);
@@ -1321,7 +1360,7 @@ async function tryConfiguredClaudeFallbackChain(args) {
                 provider: fallback.provider,
                 model: fallback.model,
             });
-            return await executeClaudeFallbackTranslation({
+            const response = await executeClaudeFallbackTranslation({
                 ctx,
                 body,
                 tracer,
@@ -1331,18 +1370,31 @@ async function tryConfiguredClaudeFallbackChain(args) {
                 options: options,
                 providerLabel: fallback.provider,
             });
+            return {
+                response,
+                fallbackPolicyReason,
+            };
         }
         catch (fallbackErr) {
-            logger.debug(`[proxy] fallback ${fallback.provider}/${fallback.model} failed: ${fallbackErr instanceof Error ? fallbackErr.message : String(fallbackErr)}`);
+            logger.always(`[proxy] fallback ${fallback.provider}/${fallback.model} failed: ${fallbackErr instanceof Error ? fallbackErr.message : String(fallbackErr)}`);
         }
     }
-    return null;
+    return {
+        response: null,
+        fallbackPolicyReason,
+    };
 }
 async function tryAutoClaudeFallback(args) {
     const { ctx, body, tracer, requestStartTime, logProxyBody, logFinalRequest } = args;
     try {
-        logger.always("[proxy] fallback → auto-provider");
         const parsed = parseClaudeRequest(body);
+        const plan = buildProxyTranslationPlan({ provider: "anthropic", model: body.model }, [], body.model, parsed);
+        logProxyRoutingPlan(logProxyBody, "auto_fallback", plan);
+        const autoAttempt = plan.attempts.find((attempt) => attempt.label === "auto-provider");
+        if (!autoAttempt) {
+            return null;
+        }
+        logger.always("[proxy] fallback → auto-provider");
         const options = buildProxyFallbackOptions(parsed);
         return await executeClaudeFallbackTranslation({
             ctx,
@@ -1361,7 +1413,7 @@ async function tryAutoClaudeFallback(args) {
     }
 }
 function buildClaudeAnthropicFailureResponse(args) {
-    const { tracer, requestStartTime, authFailureMessage, invalidRequestFailure, sawNetworkError, sawTransientFailure, sawRateLimit, lastError, orderedAccounts, buildLoggedClaudeError, logProxyBody, logFinalRequest, } = args;
+    const { tracer, requestStartTime, authFailureMessage, invalidRequestFailure, sawNetworkError, sawTransientFailure, sawRateLimit, lastError, orderedAccounts, requestProfile, fallbackPolicyReason, buildLoggedClaudeError, logProxyBody, logFinalRequest, } = args;
     if (authFailureMessage && !sawRateLimit) {
         tracer?.setError("authentication_error", authFailureMessage);
         tracer?.end(401, Date.now() - requestStartTime);
@@ -1408,18 +1460,21 @@ function buildClaudeAnthropicFailureResponse(args) {
         return buildLoggedClaudeError(502, msg);
     }
     const earliestRecovery = orderedAccounts.reduce((min, account) => {
-        const coolingUntil = getOrCreateRuntimeState(account.key).coolingUntil;
-        return coolingUntil ? Math.min(min, coolingUntil) : min;
+        const cooldown = getActiveCooldownScope(getOrCreateRuntimeState(account.key), requestProfile);
+        return cooldown ? Math.min(min, cooldown.until) : min;
     }, Infinity);
     const retryAfterSec = Number.isFinite(earliestRecovery)
         ? Math.max(1, Math.ceil((earliestRecovery - Date.now()) / 1000))
         : 60;
-    logger.always(`[proxy] all accounts rate-limited, retry in ${retryAfterSec}s`);
-    const errorBody = buildClaudeError(429, `All accounts rate-limited. Earliest recovery in ${retryAfterSec}s.`, "overloaded_error");
-    tracer?.setError("rate_limit_error", `All accounts rate-limited. Retry in ${retryAfterSec}s.`);
+    const contractMessage = fallbackPolicyReason
+        ? ` ${fallbackPolicyReason}`
+        : "";
+    logger.always(`[proxy] all accounts rate-limited for request-class=${requestProfile.primaryClass}, retry in ${retryAfterSec}s`);
+    const errorBody = buildClaudeError(429, `All accounts rate-limited. Earliest recovery in ${retryAfterSec}s.${contractMessage}`, "overloaded_error");
+    tracer?.setError("rate_limit_error", `All accounts rate-limited. Retry in ${retryAfterSec}s.${contractMessage}`);
     tracer?.end(429, Date.now() - requestStartTime);
     recordFinalError(429);
-    logFinalRequest(429, "", "final", "rate_limit_error", `All accounts rate-limited. Retry in ${retryAfterSec}s.`);
+    logFinalRequest(429, "", "final", "rate_limit_error", `All accounts rate-limited. Retry in ${retryAfterSec}s.${contractMessage}`);
     const errorBodyText = JSON.stringify(errorBody);
     logProxyBody({
         phase: "client_response",
@@ -1442,10 +1497,22 @@ function buildClaudeAnthropicFailureResponse(args) {
     });
 }
 async function handleAnthropicSuccessfulResponse(args) {
-    const { ctx, body, account, accountState, response, tracer, requestStartTime, fetchStartMs, attemptNumber, finalBodyStr, upstreamSpan, logProxyBody, logFinalRequest, } = args;
+    const { ctx, body, account, accountState, requestProfile, response, tracer, requestStartTime, fetchStartMs, attemptNumber, finalBodyStr, upstreamSpan, logProxyBody, logFinalRequest, } = args;
     accountState.backoffLevel = 0;
     accountState.coolingUntil = undefined;
     accountState.consecutiveRefreshFailures = 0;
+    if (accountState.requestClassCooldowns) {
+        delete accountState.requestClassCooldowns[`${requestProfile.primaryClass}:${requestProfile.requestedModel.toLowerCase()}`];
+    }
+    if (accountState.modelTierCooldowns) {
+        delete accountState.modelTierCooldowns[requestProfile.modelTier];
+    }
+    if (accountState.requestClassBackoffLevels) {
+        delete accountState.requestClassBackoffLevels[`${requestProfile.primaryClass}:${requestProfile.requestedModel.toLowerCase()}`];
+    }
+    if (accountState.modelTierBackoffLevels) {
+        delete accountState.modelTierBackoffLevels[requestProfile.modelTier];
+    }
     logger.always(`[proxy] ← ${response.status} account=${account.label}`);
     const quota = parseQuotaHeaders(response.headers);
     if (quota) {
@@ -2035,7 +2102,7 @@ async function handleAnthropicSuccessfulRetryResponse(args) {
     return retryJson;
 }
 async function handleAnthropicAuthRetry(args) {
-    const { ctx, body, account, accountState, headers, buildUpstreamBody, enabledAccounts, orderedAccounts, response: _response, tracer, requestStartTime, fetchStartMs, attemptNumber, finalBodyStr, upstreamSpan, logAttempt, logProxyBody, logFinalRequest, lastError, authFailureMessage, sawRateLimit, sawTransientFailure, sawNetworkError, } = args;
+    const { ctx, body, account, accountState, requestProfile, headers, buildUpstreamBody, enabledAccounts, orderedAccounts, response: _response, tracer, requestStartTime, fetchStartMs, attemptNumber, finalBodyStr, upstreamSpan, logAttempt, logProxyBody, logFinalRequest, lastError, authFailureMessage, sawRateLimit, sawTransientFailure, sawNetworkError, } = args;
     recordAttemptError(account.label, account.type, 401);
     let currentLastError = lastError;
     let currentAuthFailureMessage = authFailureMessage;
@@ -2119,9 +2186,14 @@ async function handleAnthropicAuthRetry(args) {
                 const cooldownMs = Number.isNaN(parsedRetryAfter)
                     ? 60_000
                     : Math.max(1, parsedRetryAfter) * 1000;
-                accountState.coolingUntil = Date.now() + cooldownMs;
+                const cooldown = applyRateLimitCooldownScope({
+                    state: accountState,
+                    profile: requestProfile,
+                    retryAfterMs: cooldownMs,
+                    capMs: RATE_LIMIT_BACKOFF_CAP_MS,
+                });
                 advancePrimaryIfCurrent(account.key, enabledAccounts.length, orderedAccounts[0]?.key);
-                recordCooldown(account.label, account.type, accountState.coolingUntil, accountState.backoffLevel);
+                recordCooldown(account.label, account.type, Date.now() + cooldown.backoffMs, accountState.backoffLevel);
                 break;
             }
             if (retryStatus === 401 || retryStatus === 402 || retryStatus === 403) {
@@ -2364,13 +2436,14 @@ async function handleAnthropicNonOkResponse(args) {
     if (isTransientHttpFailure(response.status, errBody)) {
         recordAttemptError(account.label, account.type, response.status);
         currentSawTransientFailure = true;
-        logger.always(`[proxy] ← ${response.status} account=${account.label} (transient, rotating)`);
+        logger.always(`[proxy] ← ${response.status} account=${account.label} (transient)`);
         currentLastError = errBody;
         logAttempt(response.status, "api_error", summarizeErrorMessage(errBody));
         tracer?.setError("transient_error", summarizeErrorMessage(errBody));
         tracer?.recordRetry(account.label, "transient");
         return {
             continueLoop: true,
+            retrySameAccount: true,
             lastError: currentLastError,
             authFailureMessage: currentAuthFailureMessage,
             sawTransientFailure: currentSawTransientFailure,
@@ -2692,7 +2765,7 @@ async function prepareAnthropicAccountAttempt(args) {
     };
 }
 async function fetchAnthropicAccountResponse(args) {
-    const { url, headers, finalBodyStr, account, accountState, enabledAccounts, orderedAccounts, tracer, logAttempt, currentLastError, currentSawRateLimit, currentSawNetworkError, upstreamSpan, } = args;
+    const { url, headers, finalBodyStr, account, accountState, requestProfile, enabledAccounts, orderedAccounts, tracer, logAttempt, currentLastError, currentSawRateLimit, currentSawNetworkError, upstreamSpan, } = args;
     let lastError = currentLastError;
     let sawRateLimit = currentSawRateLimit;
     let sawNetworkError = currentSawNetworkError;
@@ -2715,13 +2788,14 @@ async function fetchAnthropicAccountResponse(args) {
         const errorCode = getErrorCode(fetchErr) ?? "unknown";
         const errorMessage = fetchErr instanceof Error ? fetchErr.message : String(fetchErr);
         lastError = errorMessage;
-        logger.always(`[proxy] fetch error account=${account.label} code=${errorCode} (rotating): ${errorMessage}`);
+        logger.always(`[proxy] fetch error account=${account.label} code=${errorCode} (retryable): ${errorMessage}`);
         logAttempt(502, "network_error", errorMessage);
         tracer?.setError("network_error", errorMessage);
         tracer?.recordRetry(account.label, "network_error");
         currentUpstreamSpan?.end();
         return {
             continueLoop: true,
+            retrySameAccount: true,
             lastError,
             sawRateLimit,
             sawNetworkError,
@@ -2744,16 +2818,17 @@ async function fetchAnthropicAccountResponse(args) {
                 }
             }
         }
-        const level = accountState.backoffLevel;
-        const baseCooldown = cooldownMs > 0 ? cooldownMs : RATE_LIMIT_BACKOFF_BASE_MS;
-        const backoffMs = Math.min(baseCooldown * 2 ** level, RATE_LIMIT_BACKOFF_CAP_MS);
-        accountState.coolingUntil = Date.now() + backoffMs;
-        accountState.backoffLevel += 1;
+        const cooldown = applyRateLimitCooldownScope({
+            state: accountState,
+            profile: requestProfile,
+            retryAfterMs: cooldownMs > 0 ? cooldownMs : undefined,
+            capMs: RATE_LIMIT_BACKOFF_CAP_MS,
+        });
         advancePrimaryIfCurrent(account.key, enabledAccounts.length, orderedAccounts[0]?.key);
         recordAttemptError(account.label, account.type, 429);
-        recordCooldown(account.label, account.type, accountState.coolingUntil, accountState.backoffLevel);
+        recordCooldown(account.label, account.type, Date.now() + cooldown.backoffMs, accountState.backoffLevel);
         lastError = await response.text();
-        logger.always(`[proxy] ← 429 account=${account.label} backoff-level=${accountState.backoffLevel} cooldown=${Math.round(backoffMs / 1000)}s`);
+        logger.always(`[proxy] ← 429 account=${account.label} backoff-level=${accountState.backoffLevel} cooldown=${Math.round(cooldown.backoffMs / 1000)}s request-class=${cooldown.requestClassKey} model-tier=${cooldown.modelTierKey}`);
         logAttempt(429, "rate_limit_error", String(lastError));
         tracer?.setError("rate_limit_error", String(lastError).slice(0, 500));
         tracer?.recordRetry(account.label, "rate_limit");
@@ -2777,6 +2852,8 @@ async function fetchAnthropicAccountResponse(args) {
 }
 async function handleAnthropicRoutedClaudeRequest(args) {
     const { ctx, body, modelRouter, tracer, requestStartTime, accountStrategy, buildLoggedClaudeError, logProxyBody, logFinalRequest, } = args;
+    const parsedRequest = parseClaudeRequest(body);
+    const requestProfile = classifyClaudeProxyRequest(body.model, parsedRequest);
     const loadedAccounts = await loadClaudeProxyAccounts({
         ctx,
         body,
@@ -2799,182 +2876,218 @@ async function handleAnthropicRoutedClaudeRequest(args) {
         attemptNumber: 0,
     };
     const acctSelectionSpan = tracer?.startAccountSelection();
-    for (const account of orderedAccounts) {
-        const accountState = getOrCreateRuntimeState(account.key);
-        if (accountState.coolingUntil && accountState.coolingUntil > Date.now()) {
-            continue;
+    const accountPartition = partitionAccountsByCooldown(orderedAccounts, (account) => getOrCreateRuntimeState(account.key), requestProfile);
+    for (const skippedAccount of accountPartition.skipped) {
+        if (skippedAccount.cooldown.scope === "request_class" ||
+            skippedAccount.cooldown.scope === "model_tier") {
+            loopState.sawRateLimit = true;
         }
-        loopState.attemptNumber += 1;
-        if (tracer && loopState.attemptNumber === 1 && acctSelectionSpan) {
-            tracer.setAccountSelection({
-                strategy: accountStrategy,
-                accountsTotal: accounts.length,
-                accountsHealthy: enabledAccounts.length,
-                selectedAccount: account.label,
-                accountType: account.type,
-            });
-            acctSelectionSpan.end();
-        }
-        const logAttempt = createAnthropicAttemptLogger({
-            ctx,
-            body,
-            toolCount,
-            requestStart,
-            tracer,
-            account,
-            attemptNumber: loopState.attemptNumber,
-        });
-        const preparedAttempt = await prepareAnthropicAccountAttempt({
-            account,
-            accountState,
-            bodyStr,
-            clientHeaders,
-            isClaudeClientRequest,
-            url,
-            tracer,
-            attemptNumber: loopState.attemptNumber,
-            currentLastError: loopState.lastError,
-            currentAuthFailureMessage: loopState.authFailureMessage,
-            logAttempt,
-            logProxyBody,
-        });
-        loopState.lastError = preparedAttempt.lastError;
-        loopState.authFailureMessage = preparedAttempt.authFailureMessage;
-        if (preparedAttempt.continueLoop ||
-            !preparedAttempt.headers ||
-            !preparedAttempt.buildUpstreamBody ||
-            !preparedAttempt.finalBodyStr ||
-            preparedAttempt.fetchStartMs === undefined) {
-            continue;
-        }
-        const fetchResult = await fetchAnthropicAccountResponse({
-            url,
-            headers: preparedAttempt.headers,
-            finalBodyStr: preparedAttempt.finalBodyStr,
-            account,
-            accountState,
-            enabledAccounts,
-            orderedAccounts,
-            tracer,
-            logAttempt,
-            currentLastError: loopState.lastError,
-            currentSawRateLimit: loopState.sawRateLimit,
-            currentSawNetworkError: loopState.sawNetworkError,
-            upstreamSpan: preparedAttempt.upstreamSpan,
-        });
-        loopState.lastError = fetchResult.lastError;
-        loopState.sawRateLimit = fetchResult.sawRateLimit;
-        loopState.sawNetworkError = fetchResult.sawNetworkError;
-        if (fetchResult.continueLoop || !fetchResult.response) {
-            continue;
-        }
-        let upstreamSpan = fetchResult.upstreamSpan;
-        const response = fetchResult.response;
-        if (response.status === 401 &&
-            account.type === "oauth" &&
-            account.refreshToken) {
-            const authRetryResult = await handleAnthropicAuthRetry({
+        loopState.lastError = `Skipped account=${skippedAccount.account.label} due to ${skippedAccount.cooldown.scope} cooldown ${skippedAccount.cooldown.key}`;
+        logger.always(`[proxy] skipping account=${skippedAccount.account.label} due to ${skippedAccount.cooldown.scope} cooldown=${skippedAccount.cooldown.key} remaining=${Math.max(1, Math.ceil((skippedAccount.cooldown.until - Date.now()) / 1000))}s`);
+    }
+    accountLoop: for (const account of accountPartition.eligible) {
+        const accountState = getOrCreateRuntimeState(account.key);
+        let transientSameAccountRetries = 0;
+        while (true) {
+            loopState.attemptNumber += 1;
+            if (tracer && loopState.attemptNumber === 1 && acctSelectionSpan) {
+                tracer.setAccountSelection({
+                    strategy: accountStrategy,
+                    accountsTotal: accounts.length,
+                    accountsHealthy: enabledAccounts.length,
+                    selectedAccount: account.label,
+                    accountType: account.type,
+                });
+                acctSelectionSpan.end();
+            }
+            const logAttempt = createAnthropicAttemptLogger({
                 ctx,
                 body,
+                toolCount,
+                requestStart,
+                tracer,
+                account,
+                attemptNumber: loopState.attemptNumber,
+            });
+            const preparedAttempt = await prepareAnthropicAccountAttempt({
                 account,
                 accountState,
+                bodyStr,
+                clientHeaders,
+                isClaudeClientRequest,
+                url,
+                tracer,
+                attemptNumber: loopState.attemptNumber,
+                currentLastError: loopState.lastError,
+                currentAuthFailureMessage: loopState.authFailureMessage,
+                logAttempt,
+                logProxyBody,
+            });
+            loopState.lastError = preparedAttempt.lastError;
+            loopState.authFailureMessage = preparedAttempt.authFailureMessage;
+            if (preparedAttempt.continueLoop ||
+                !preparedAttempt.headers ||
+                !preparedAttempt.buildUpstreamBody ||
+                !preparedAttempt.finalBodyStr ||
+                preparedAttempt.fetchStartMs === undefined) {
+                continue accountLoop;
+            }
+            const fetchResult = await fetchAnthropicAccountResponse({
+                url,
                 headers: preparedAttempt.headers,
-                buildUpstreamBody: preparedAttempt.buildUpstreamBody,
+                finalBodyStr: preparedAttempt.finalBodyStr,
+                account,
+                accountState,
+                requestProfile,
                 enabledAccounts,
                 orderedAccounts,
-                response,
                 tracer,
-                requestStartTime,
-                fetchStartMs: preparedAttempt.fetchStartMs,
-                attemptNumber: loopState.attemptNumber,
-                finalBodyStr: preparedAttempt.finalBodyStr,
-                upstreamSpan,
                 logAttempt,
-                logProxyBody,
-                logFinalRequest,
-                lastError: loopState.lastError,
-                authFailureMessage: loopState.authFailureMessage,
-                sawRateLimit: loopState.sawRateLimit,
-                sawTransientFailure: loopState.sawTransientFailure,
-                sawNetworkError: loopState.sawNetworkError,
+                currentLastError: loopState.lastError,
+                currentSawRateLimit: loopState.sawRateLimit,
+                currentSawNetworkError: loopState.sawNetworkError,
+                upstreamSpan: preparedAttempt.upstreamSpan,
             });
-            loopState.lastError = authRetryResult.lastError;
-            loopState.authFailureMessage = authRetryResult.authFailureMessage;
-            loopState.sawRateLimit = authRetryResult.sawRateLimit;
-            loopState.sawTransientFailure = authRetryResult.sawTransientFailure;
-            loopState.sawNetworkError = authRetryResult.sawNetworkError;
-            upstreamSpan = authRetryResult.upstreamSpan;
-            if (authRetryResult.response !== undefined) {
-                return authRetryResult.response;
+            loopState.lastError = fetchResult.lastError;
+            loopState.sawRateLimit = fetchResult.sawRateLimit;
+            loopState.sawNetworkError = fetchResult.sawNetworkError;
+            if (fetchResult.continueLoop || !fetchResult.response) {
+                if (fetchResult.retrySameAccount &&
+                    transientSameAccountRetries < MAX_TRANSIENT_SAME_ACCOUNT_RETRIES) {
+                    transientSameAccountRetries += 1;
+                    const delayMs = getTransientSameAccountRetryDelayMs(transientSameAccountRetries);
+                    logger.always(`[proxy] retrying same account=${account.label} after transient network error (${transientSameAccountRetries}/${MAX_TRANSIENT_SAME_ACCOUNT_RETRIES}) in ${delayMs}ms`);
+                    await sleep(delayMs);
+                    continue;
+                }
+                if (fetchResult.retrySameAccount) {
+                    logger.always(`[proxy] exhausted transient same-account retries for account=${account.label}; rotating`);
+                }
+                continue accountLoop;
             }
-            if (authRetryResult.continueLoop) {
-                continue;
+            let upstreamSpan = fetchResult.upstreamSpan;
+            const response = fetchResult.response;
+            if (response.status === 401 &&
+                account.type === "oauth" &&
+                account.refreshToken) {
+                const authRetryResult = await handleAnthropicAuthRetry({
+                    ctx,
+                    body,
+                    account,
+                    accountState,
+                    requestProfile,
+                    headers: preparedAttempt.headers,
+                    buildUpstreamBody: preparedAttempt.buildUpstreamBody,
+                    enabledAccounts,
+                    orderedAccounts,
+                    response,
+                    tracer,
+                    requestStartTime,
+                    fetchStartMs: preparedAttempt.fetchStartMs,
+                    attemptNumber: loopState.attemptNumber,
+                    finalBodyStr: preparedAttempt.finalBodyStr,
+                    upstreamSpan,
+                    logAttempt,
+                    logProxyBody,
+                    logFinalRequest,
+                    lastError: loopState.lastError,
+                    authFailureMessage: loopState.authFailureMessage,
+                    sawRateLimit: loopState.sawRateLimit,
+                    sawTransientFailure: loopState.sawTransientFailure,
+                    sawNetworkError: loopState.sawNetworkError,
+                });
+                loopState.lastError = authRetryResult.lastError;
+                loopState.authFailureMessage = authRetryResult.authFailureMessage;
+                loopState.sawRateLimit = authRetryResult.sawRateLimit;
+                loopState.sawTransientFailure = authRetryResult.sawTransientFailure;
+                loopState.sawNetworkError = authRetryResult.sawNetworkError;
+                upstreamSpan = authRetryResult.upstreamSpan;
+                if (authRetryResult.response !== undefined) {
+                    return authRetryResult.response;
+                }
+                if (authRetryResult.continueLoop) {
+                    continue accountLoop;
+                }
             }
-        }
-        if (!response.ok) {
-            const nonOkResult = await handleAnthropicNonOkResponse({
-                response,
+            if (!response.ok) {
+                const nonOkResult = await handleAnthropicNonOkResponse({
+                    response,
+                    account,
+                    accountState,
+                    tracer,
+                    requestStartTime,
+                    fetchStartMs: preparedAttempt.fetchStartMs,
+                    attemptNumber: loopState.attemptNumber,
+                    logAttempt,
+                    logProxyBody,
+                    logFinalRequest,
+                    lastError: loopState.lastError,
+                    authFailureMessage: loopState.authFailureMessage,
+                    sawTransientFailure: loopState.sawTransientFailure,
+                    invalidRequestFailure: loopState.invalidRequestFailure,
+                    maxConsecutiveRefreshFailures: MAX_CONSECUTIVE_REFRESH_FAILURES,
+                });
+                loopState.lastError = nonOkResult.lastError;
+                loopState.authFailureMessage = nonOkResult.authFailureMessage;
+                loopState.sawTransientFailure = nonOkResult.sawTransientFailure;
+                loopState.invalidRequestFailure = nonOkResult.invalidRequestFailure;
+                if (nonOkResult.response !== undefined) {
+                    return nonOkResult.response;
+                }
+                if (nonOkResult.continueLoop) {
+                    if (nonOkResult.retrySameAccount &&
+                        transientSameAccountRetries < MAX_TRANSIENT_SAME_ACCOUNT_RETRIES) {
+                        transientSameAccountRetries += 1;
+                        const delayMs = getTransientSameAccountRetryDelayMs(transientSameAccountRetries);
+                        logger.always(`[proxy] retrying same account=${account.label} after transient upstream ${response.status} (${transientSameAccountRetries}/${MAX_TRANSIENT_SAME_ACCOUNT_RETRIES}) in ${delayMs}ms`);
+                        await sleep(delayMs);
+                        continue;
+                    }
+                    if (nonOkResult.retrySameAccount) {
+                        logger.always(`[proxy] exhausted transient same-account retries for account=${account.label}; rotating`);
+                    }
+                    continue accountLoop;
+                }
+                break accountLoop;
+            }
+            const successResult = await handleAnthropicSuccessfulResponse({
+                ctx,
+                body,
                 account,
                 accountState,
+                requestProfile,
+                response,
                 tracer,
                 requestStartTime,
                 fetchStartMs: preparedAttempt.fetchStartMs,
                 attemptNumber: loopState.attemptNumber,
-                logAttempt,
+                finalBodyStr: preparedAttempt.finalBodyStr,
+                upstreamSpan,
                 logProxyBody,
                 logFinalRequest,
-                lastError: loopState.lastError,
-                authFailureMessage: loopState.authFailureMessage,
-                sawTransientFailure: loopState.sawTransientFailure,
-                invalidRequestFailure: loopState.invalidRequestFailure,
-                maxConsecutiveRefreshFailures: MAX_CONSECUTIVE_REFRESH_FAILURES,
             });
-            loopState.lastError = nonOkResult.lastError;
-            loopState.authFailureMessage = nonOkResult.authFailureMessage;
-            loopState.sawTransientFailure = nonOkResult.sawTransientFailure;
-            loopState.invalidRequestFailure = nonOkResult.invalidRequestFailure;
-            if (nonOkResult.response !== undefined) {
-                return nonOkResult.response;
-            }
-            if (nonOkResult.continueLoop) {
-                continue;
+            if ("retryNextAccount" in successResult) {
+                continue accountLoop;
             }
-            break;
-        }
-        const successResult = await handleAnthropicSuccessfulResponse({
-            ctx,
-            body,
-            account,
-            accountState,
-            response,
-            tracer,
-            requestStartTime,
-            fetchStartMs: preparedAttempt.fetchStartMs,
-            attemptNumber: loopState.attemptNumber,
-            finalBodyStr: preparedAttempt.finalBodyStr,
-            upstreamSpan,
-            logProxyBody,
-            logFinalRequest,
-        });
-        if ("retryNextAccount" in successResult) {
-            continue;
+            return successResult.response;
         }
-        return successResult.response;
     }
     if (loopState.attemptNumber === 0) {
         acctSelectionSpan?.end();
     }
-    const configuredFallbackResponse = await tryConfiguredClaudeFallbackChain({
+    const configuredFallbackResult = await tryConfiguredClaudeFallbackChain({
         ctx,
         body,
+        parsedFallbackRequest: parsedRequest,
+        requestProfile,
         modelRouter,
         tracer,
         requestStartTime,
         logProxyBody,
         logFinalRequest,
     });
-    if (configuredFallbackResponse) {
-        return configuredFallbackResponse;
+    if (configuredFallbackResult.response) {
+        return configuredFallbackResult.response;
     }
     const configuredChain = modelRouter?.getFallbackChain() ?? [];
     if (configuredChain.length === 0 && !loopState.sawRateLimit) {
@@ -3000,6 +3113,8 @@ async function handleAnthropicRoutedClaudeRequest(args) {
         sawRateLimit: loopState.sawRateLimit,
         lastError: loopState.lastError,
         orderedAccounts,
+        requestProfile,
+        fallbackPolicyReason: configuredFallbackResult.fallbackPolicyReason,
         buildLoggedClaudeError,
         logProxyBody,
         logFinalRequest,
@@ -3220,6 +3335,8 @@ function getOrCreateRuntimeState(accountKey) {
         backoffLevel: 0,
         consecutiveRefreshFailures: 0,
         permanentlyDisabled: false,
+        requestClassCooldowns: {},
+        modelTierCooldowns: {},
     };
     accountRuntimeState.set(accountKey, initial);
     return initial;
@@ -3249,6 +3366,10 @@ function summarizeErrorMessage(message, maxLength = 180) {
     }
     return `${compact.slice(0, maxLength)}...`;
 }
+export function getTransientSameAccountRetryDelayMs(retryNumber) {
+    const index = Math.min(Math.max(retryNumber - 1, 0), TRANSIENT_SAME_ACCOUNT_RETRY_DELAYS_MS.length - 1);
+    return TRANSIENT_SAME_ACCOUNT_RETRY_DELAYS_MS[index] ?? 0;
+}
 async function sleep(ms) {
     await new Promise((resolve) => setTimeout(resolve, ms));
 }
@@ -3409,34 +3530,6 @@ export function buildProxyFallbackOptions(parsed, overrides = {}) {
         maxSteps: 1,
     };
 }
-export function buildProxyTranslationAttempts(primary, modelRouter, parsed) {
-    const attempts = [
-        {
-            provider: primary.provider,
-            model: primary.model,
-            label: `${primary.provider}/${primary.model ?? "unknown"}`,
-        },
-    ];
-    const chain = modelRouter?.getFallbackChain() ?? [];
-    for (const fallback of chain) {
-        if (fallback.provider === primary.provider &&
-            fallback.model === primary.model) {
-            continue;
-        }
-        if (shouldSkipTranslationTarget(fallback.provider, fallback.model, parsed)) {
-            continue;
-        }
-        attempts.push({
-            provider: fallback.provider,
-            model: fallback.model,
-            label: `${fallback.provider}/${fallback.model}`,
-        });
-    }
-    if (chain.length === 0) {
-        attempts.push({ label: "auto-provider" });
-    }
-    return attempts;
-}
 function hasTranslatedOutput(collectedText, toolCalls) {
     return collectedText.trim().length > 0 || (toolCalls?.length ?? 0) > 0;
 }
@@ -3450,14 +3543,6 @@ function shouldOmitImagesForTarget(provider, model) {
 function shouldOmitThinkingConfigForTarget(provider, model) {
     return provider === "vertex" && model === "gemini-2.5-flash";
 }
-function shouldSkipTranslationTarget(provider, model, parsed) {
-    if (provider === "ollama" &&
-        model === "qwen2.5:0.5b" &&
-        (parsed?.images.length ?? 0) > 0) {
-        return true;
-    }
-    return false;
-}
 function extractToolArgs(toolCall) {
     return (toolCall.args ??
         toolCall.parameters ??