@karpeleslab/teamclaude 1.0.7 → 1.0.9

package/src/index.js

@@ -9,7 +9,10 @@ import { createProxyServer } from './server.js';
 import { importCredentials, loginOAuth, fetchProfile, refreshAccessToken, isTokenExpiringSoon } from './oauth.js';
 import { sameIdentity, orgKey, matchAccounts } from './identity.js';
 import * as alias from './alias.js';
+import { ensureCerts } from './mitm.js';
+import { Prober } from './prober.js';
 import { TUI } from './tui.js';
+import { SxManager } from './sx.js';
 
 const args = process.argv.slice(2);
 const command = args[0];
@@ -65,6 +68,10 @@ switch (command) {
     aliasCommand();
     process.exit(0);
     break;
+  case 'probe':
+    await probeCommand();
+    process.exit(0);
+    break;
   case 'help':
   case '--help':
   case '-h':
@@ -117,6 +124,10 @@ async function serverCommand() {
   });
   if (savedState?.quota) accountManager.restoreQuotaState(savedState.quota);
 
+  // With quota restored, pick the best account up front (highest priority /
+  // soonest-resetting weekly window) instead of defaulting to the first one.
+  accountManager.selectActiveAccount();
+
   // Periodically persist quota (and once more on shutdown) to the state file.
   const persistQuotaState = () =>
     saveState({ quota: accountManager.exportQuotaState() })
@@ -154,14 +165,54 @@ async function serverCommand() {
     }).catch(err => console.error(`[TeamClaude] Failed to save refreshed token: ${err.message}`));
   });
   const port = config.proxy.port;
-  const useTUI = process.stdout.isTTY && process.stdin.isTTY;
+  const headless = args.includes('--headless') || args.includes('--no-tui');
+  const useTUI = !headless && process.stdout.isTTY && process.stdin.isTTY;
+
+  // Opt-in background quota probe (config.quotaProbeSeconds, default 0 = off).
+  let prober = null;
+
+  // sx.org proxy (IP-based-429 workaround). Dormant unless an API key is set in
+  // config.sx.apiKey; when set we provision a proxy and route upstream through it.
+  const sx = new SxManager({ log: console.error });
+  if (config.sx?.apiKey) {
+    const r = await sx.configure(config.sx.apiKey, config.sx.mode);
+    if (!r.ok) console.error(`[TeamClaude] sx.org disabled: ${r.error}`);
+  } else if (config.sx?.mode) {
+    await sx.setMode(config.sx.mode);
+  }
+
+  // Re-sync accounts from disk without a restart. The TUI's 'R' key, the
+  // POST /teamclaude/reload endpoint, and the CLI notify after add/change all
+  // funnel through here. Returns the number of newly added accounts. Also picks
+  // up a changed probe interval so `teamclaude probe` applies live.
+  const reloadAccounts = async () => {
+    const diskConfig = await loadConfig();
+    if (!diskConfig) return 0;
+    const added = await syncAccountsFromDisk(diskConfig, config, accountManager);
+    // Apply an sx.org key/mode change made on disk (e.g. via POST /teamclaude/reload).
+    const diskSxKey = diskConfig.sx?.apiKey || null;
+    const diskSxMode = diskConfig.sx?.mode || 'always';
+    if (diskSxKey !== sx.apiKey || diskSxMode !== sx.mode) {
+      config.sx = diskConfig.sx;
+      if (diskSxKey) await sx.configure(diskSxKey, diskSxMode);
+      else { sx.disable(); await sx.setMode(diskSxMode); }
+    }
+    if (prober) {
+      const ms = (diskConfig.quotaProbeSeconds || 0) * 1000;
+      if (ms !== prober.intervalMs) {
+        config.quotaProbeSeconds = diskConfig.quotaProbeSeconds || 0;
+        prober.reschedule(ms);
+      }
+    }
+    return added;
+  };
 
   let tui = null;
   let hooks = {};
 
   if (useTUI) {
     tui = new TUI({
-      accountManager, config,
+      accountManager, config, sx,
       saveConfig: () => atomicConfigUpdate(async diskConfig => {
         // Write in-memory accounts as the authoritative state, preserving
         // extra disk-only fields (e.g. importFrom) where the account still exists.
@@ -177,13 +228,15 @@ async function serverCommand() {
           const diskAcct = diskConfig.accounts.find(d => sameIdentity(d, a));
           return diskAcct ? { ...diskAcct, ...live } : live;
         });
+        // Persist sx.org settings (set/cleared from the TUI settings screen).
+        if (config.sx) diskConfig.sx = config.sx; else delete diskConfig.sx;
+        // Persist other runtime-tunable settings edited from the TUI.
+        if (config.switchThreshold != null) diskConfig.switchThreshold = config.switchThreshold;
+        if (config.quotaProbeSeconds != null) diskConfig.quotaProbeSeconds = config.quotaProbeSeconds;
       }),
-      syncAccounts: async () => {
-        const diskConfig = await loadConfig();
-        if (!diskConfig) return 0;
-        return syncAccountsFromDisk(diskConfig, config, accountManager);
-      },
+      syncAccounts: reloadAccounts,
       onQuit: async () => {
+        prober?.stop();
         if (quotaSaveInterval) clearInterval(quotaSaveInterval);
         await persistQuotaState();
         server.close(() => process.exit(0));
@@ -196,7 +249,10 @@ async function serverCommand() {
     };
   }
 
-  const server = createProxyServer(accountManager, config, hooks);
+  // Expose reload to the proxy's control endpoint (works with or without TUI).
+  hooks.reload = reloadAccounts;
+
+  const server = createProxyServer(accountManager, config, hooks, sx);
   // Catch bind-time errors (e.g. EADDRINUSE) only. Once the socket is bound we
   // remove this handler so a later runtime 'error' isn't misreported as a
   // listen failure and exit the whole proxy.
@@ -237,9 +293,14 @@ async function serverCommand() {
   quotaSaveInterval = setInterval(persistQuotaState, 60_000);
   quotaSaveInterval.unref?.();
 
+  // Start the opt-in quota probe (no-op when quotaProbeSeconds is 0).
+  prober = new Prober(accountManager, { intervalMs: (config.quotaProbeSeconds || 0) * 1000 });
+  prober.start();
+
   if (!tui) {
     const shutdown = async () => {
       console.log('\n[TeamClaude] Shutting down...');
+      prober?.stop();
       clearInterval(quotaSaveInterval);
       await persistQuotaState();
       server.close(() => process.exit(0));
@@ -383,9 +444,13 @@ async function envCommand() {
 async function runCommand() {
   const config = await loadOrCreateConfig();
 
-  // Everything after 'run' (skip -- separator if present)
-  const claudeArgs = args.slice(1);
-  if (claudeArgs[0] === '--') claudeArgs.shift();
+  // Args after 'run'. teamclaude flags (e.g. --mitm) are recognized only before
+  // an optional `--` separator; everything after `--` goes verbatim to claude.
+  const rest = args.slice(1);
+  const sep = rest.indexOf('--');
+  const tcFlags = sep >= 0 ? rest.slice(0, sep) : rest;
+  const useMitm = tcFlags.includes('--mitm');
+  const claudeArgs = sep >= 0 ? rest.slice(sep + 1) : rest.filter(a => a !== '--mitm');
 
   // Route through the proxy only when it's actually up; otherwise launch claude
   // directly so a stopped proxy doesn't break `claude`. This is what lets the
@@ -393,10 +458,23 @@ async function runCommand() {
   const port = config.proxy.port;
   const env = { ...process.env };
   if (await isProxyUp(port)) {
-    // Only set ANTHROPIC_BASE_URL — Claude Code keeps its own OAuth token
-    // which the proxy accepts from localhost. Not setting ANTHROPIC_API_KEY
-    // lets Claude Code stay in subscription mode (full model access).
-    env.ANTHROPIC_BASE_URL = `http://localhost:${port}`;
+    if (useMitm) {
+      // Route ALL of claude's traffic through us as an HTTPS forward proxy, so
+      // even hardcoded api.anthropic.com endpoints (e.g. the design MCP) get the
+      // real token injected. claude trusts our MITM leaf via NODE_EXTRA_CA_CERTS.
+      const host = upstreamHost(config);
+      const { caPath } = await ensureCerts(host);
+      const proxyUrl = `http://127.0.0.1:${port}`;
+      env.HTTPS_PROXY = env.HTTP_PROXY = env.https_proxy = env.http_proxy = proxyUrl;
+      env.NO_PROXY = env.no_proxy = ''; // ensure nothing (esp. the upstream host) bypasses us
+      env.NODE_EXTRA_CA_CERTS = caPath;
+      delete env.ANTHROPIC_BASE_URL;
+    } else {
+      // Only set ANTHROPIC_BASE_URL — Claude Code keeps its own OAuth token
+      // which the proxy accepts from localhost. Not setting ANTHROPIC_API_KEY
+      // lets Claude Code stay in subscription mode (full model access).
+      env.ANTHROPIC_BASE_URL = `http://localhost:${port}`;
+    }
   } else {
     console.error(`[TeamClaude] Proxy not running on port ${port} — launching claude directly (start it with: teamclaude server)`);
   }
@@ -440,10 +518,12 @@ async function statusCommand() {
       console.log(`  ${acct.name} (${acct.type})${current}`);
       console.log(`    Status:   ${acct.status}${acct.disabled ? ' (disabled)' : ''}`);
 
-      if (q.unified5h != null || q.unified7d != null) {
+      if (q.unified5h != null || q.unified7d != null || q.unified7dSonnet != null) {
         const ses = q.unified5h != null ? (q.unified5h * 100).toFixed(1) + '%' : '-';
         const wk = q.unified7d != null ? (q.unified7d * 100).toFixed(1) + '%' : '-';
-        console.log(`    Session:  ${ses} used    Weekly: ${wk} used`);
+        let line = `    Session:  ${ses} used    Weekly: ${wk} used`;
+        if (q.unified7dSonnet != null) line += `    Sonnet7d: ${(q.unified7dSonnet * 100).toFixed(1)}% used`;
+        console.log(line);
       } else {
         const tok = q.tokensLimit ? ((1 - q.tokensRemaining / q.tokensLimit) * 100).toFixed(1) + '%' : '-';
         const req = q.requestsLimit ? ((1 - q.requestsRemaining / q.requestsLimit) * 100).toFixed(1) + '%' : '-';
@@ -645,6 +725,42 @@ function aliasCommand() {
   }
 }
 
+// ── probe ───────────────────────────────────────────────────
+
+async function probeCommand() {
+  const config = await loadOrCreateConfig();
+  const arg = args[1];
+
+  if (arg === undefined) {
+    const cur = config.quotaProbeSeconds || 0;
+    console.log(cur > 0 ? `Quota probe: every ${cur}s` : 'Quota probe: off (passive only)');
+    console.log('Set with: teamclaude probe <off|seconds>   e.g. teamclaude probe 300');
+    return;
+  }
+
+  let seconds;
+  if (arg === 'off' || arg === '0') {
+    seconds = 0;
+  } else {
+    seconds = parseInt(arg, 10);
+    if (Number.isNaN(seconds) || seconds < 0) {
+      console.error('Usage: teamclaude probe <off|seconds>');
+      process.exit(1);
+    }
+    if (seconds > 0 && seconds < 30) {
+      console.error('Minimum probe interval is 30s (to avoid hammering the usage endpoint).');
+      process.exit(1);
+    }
+  }
+
+  config.quotaProbeSeconds = seconds;
+  await saveConfig(config);
+  console.log(seconds > 0
+    ? `Quota probe set to every ${seconds}s (reads /api/oauth/usage; does not spend quota).`
+    : 'Quota probe disabled (passive only).');
+  await notifyRunningServer(config);
+}
+
 // ── remove ──────────────────────────────────────────────────
 
 /**
@@ -724,6 +840,7 @@ async function priorityCommand() {
   account.priority = priority;
   await saveConfig(config);
   console.log(`Set priority of "${account.name}" to ${priority} (lower = preferred)`);
+  await notifyRunningServer(config);
 }
 
 // ── enable / disable ────────────────────────────────────────
@@ -751,9 +868,7 @@ async function setDisabledCommand(disabled) {
   }
   await saveConfig(config);
   console.log(`${disabled ? 'Disabled' : 'Enabled'} account "${account.name}"`);
-  if (!disabled) {
-    console.log('(restart or reload the running server to retry it if it was in an error state)');
-  }
+  await notifyRunningServer(config);
 }
 
 // ── help ────────────────────────────────────────────────────
@@ -764,12 +879,15 @@ function showHelp() {
 Usage: teamclaude [command] [options]
 
 Commands:
-  server              Start the proxy server (default)
+  server              Start the proxy server (default; --headless to skip the TUI)
   import              Import credentials from Claude Code
   login               OAuth login via browser
   login --api         Add an API key account
   env                 Print env vars to use with Claude
-  run [-- args...]    Run Claude Code through the proxy (direct if it's down)
+  run [--mitm] [-- args...]
+                      Run Claude Code through the proxy (direct if it's down);
+                      --mitm routes via an HTTPS forward proxy + local CA so even
+                      hardcoded api.anthropic.com endpoints are intercepted
   alias               Print a shell alias so plain 'claude' routes via the proxy
                       (--install to write it to your shell rc; --uninstall to remove)
   status              Show proxy & account status (live)
@@ -778,6 +896,8 @@ Commands:
   disable <name>      Temporarily exclude an account from rotation
   enable <name>       Re-enable a disabled account (also clears a stuck error)
   priority <name> <n> Set rotation priority (lower = preferred; --first/--last)
+  probe [off|secs]    Opt-in background quota refresh for idle accounts
+                      (off by default; reads usage endpoint, spends no quota)
   api <path>          Call an API endpoint with account credentials
   help                Show this help
 
@@ -788,6 +908,14 @@ Options:
   --json JSON         Import from inline JSON (import), e.g.:
                       --json '{"accessToken":"...","refreshToken":"...","expiresAt":1234}'
   --log-to DIR        Log full requests/responses to DIR (server, one file per request)
+  --headless          Run the server without the interactive TUI (for backgrounding)
+  --mitm              (run) route claude via the HTTPS forward proxy + local CA
+
+The server always accepts both base-URL and proxy/CONNECT clients, so instances
+launched with and without --mitm can share one server.
+
+A running server re-syncs accounts from config on POST /teamclaude/reload
+(local only). add/login/enable/disable/priority trigger it automatically.
 
 Config: ${getConfigPath()}
 `);
@@ -862,6 +990,7 @@ async function upsertOAuthAccount(config, name, creds, source = 'unknown') {
 
   await saveConfig(config);
   console.log(`Saved to ${getConfigPath()}`);
+  await notifyRunningServer(config);
 }
 
 // ── config sync helpers ─────────────────────────────────────
@@ -988,6 +1117,32 @@ function argValue(flag) {
   return (i >= 0 && args[i + 1]) ? args[i + 1] : null;
 }
 
+// Hostname of the configured upstream (the host MITM-intercepts under `run --mitm`).
+function upstreamHost(config) {
+  try { return new URL(config.upstream || 'https://api.anthropic.com').hostname; }
+  catch { return 'api.anthropic.com'; }
+}
+
+// Best-effort: tell a running server (if any) to re-sync accounts from config so
+// CLI changes take effect without a restart. A closed local port refuses the
+// connection immediately, so this is a no-op (and near-instant) when nothing is
+// running. Reload picks up new accounts, credential, priority, and enable/disable
+// changes; account removals still need a restart.
+async function notifyRunningServer(config) {
+  const port = config?.proxy?.port;
+  if (!port) return;
+  try {
+    const res = await fetch(`http://localhost:${port}/teamclaude/reload`, {
+      method: 'POST',
+      headers: { 'x-api-key': config.proxy?.apiKey || '' },
+    });
+    if (res.ok) {
+      const data = await res.json().catch(() => ({}));
+      console.log(`Reloaded running server${data.added ? ` (+${data.added} new account)` : ''}.`);
+    }
+  } catch { /* no server running — nothing to notify */ }
+}
+
 // Quick liveness probe: is something listening on the local proxy port?
 // A successful TCP connect is enough (the proxy is local). Times out fast so a
 // down proxy doesn't add noticeable latency to `claude` launches via the alias.

package/src/json-format-stream.js

@@ -0,0 +1,65 @@
+// Streaming JSON pretty-printer (no regex, no buffering of the whole body).
+//
+// Built on the same idea as the account_uuid patcher: walk the bytes once,
+// tracking only enough state (nesting depth, in-string, escape) to know where
+// we are, and re-emit with indentation as we go. This lets the request logger
+// flush a readable body to disk *as it streams* — so when a request blocks
+// mid-flight, the partial (pretty) body is already on disk and you can see how
+// far it got. Bodies can be ~1M tokens, so we never hold more than the current
+// chunk.
+//
+// Whitespace outside strings is dropped and re-inserted; strings (including any
+// whitespace/escapes inside them) are copied verbatim. Operates on latin1 so a
+// multi-byte UTF-8 sequence split across chunks is preserved byte-for-byte.
+export class JsonStreamFormatter {
+  constructor(indent = 2) {
+    this.pad = ' '.repeat(indent);
+    this.depth = 0;
+    this.inStr = false;
+    this.esc = false;
+    this.freshContainer = false; // just opened { or [ — first element needs a newline+indent
+    this.started = false;
+  }
+
+  nl(depth) { return '\n' + this.pad.repeat(depth); }
+
+  // Feed a chunk; returns the formatted text for that chunk.
+  push(buf) {
+    const text = Buffer.isBuffer(buf) ? buf.toString('latin1') : String(buf);
+    let out = '';
+    for (let i = 0; i < text.length; i++) {
+      const ch = text[i];
+
+      if (this.inStr) {
+        out += ch;
+        if (this.esc) this.esc = false;
+        else if (ch === '\\') this.esc = true;
+        else if (ch === '"') this.inStr = false;
+        continue;
+      }
+
+      // Outside a string: collapse existing whitespace; we re-insert our own.
+      if (ch === ' ' || ch === '\t' || ch === '\n' || ch === '\r') continue;
+
+      if (ch === '}' || ch === ']') {
+        this.depth--;
+        // Empty container: emit "{}" / "[]" with no inner newline.
+        if (this.freshContainer) { this.freshContainer = false; out += ch; }
+        else out += this.nl(this.depth) + ch;
+        continue;
+      }
+
+      // Any other token. If it's the first token inside a just-opened
+      // container, break the line and indent first.
+      if (this.freshContainer) { out += this.nl(this.depth); this.freshContainer = false; }
+
+      if (ch === '{' || ch === '[') { out += ch; this.depth++; this.freshContainer = true; continue; }
+      if (ch === ',') { out += ',' + this.nl(this.depth); continue; }
+      if (ch === ':') { out += ': '; continue; }
+      if (ch === '"') { this.inStr = true; out += ch; continue; }
+      out += ch; // number / true / false / null character
+    }
+    this.started = this.started || out.length > 0;
+    return out;
+  }
+}