@lightharu/krouter 1.8.0

package/out-server/main/proxy/selfSignedCert.js

@@ -0,0 +1,179 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureProxySelfSignedCert = ensureProxySelfSignedCert;
+// 反代 HTTPS 自签证书生成器（不依赖外部 CA，单证书自签）
+// 用于让用户一键启用反代 HTTPS，证书包含 SubjectAltName 覆盖常见绑定地址
+const forge = __importStar(require("node-forge"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const crypto = __importStar(require("crypto"));
+/**
+ * 在指定目录生成（或加载）反代用的自签证书
+ * - 文件位置：dataPath/proxy-tls/proxy.crt + proxy.key
+ * - 过期前 30 天自动续期
+ * - 默认 SAN 包含 localhost / 127.0.0.1 / ::1，以及调用方指定的 hostnames
+ *
+ * @param dataPath 应用数据目录（一般是 app.getPath('userData')）
+ * @param hostnames 额外的 DNS / IP 名称（如配置的 proxy host）
+ * @param forceRegen 强制重新生成
+ */
+function ensureProxySelfSignedCert(dataPath, hostnames = [], forceRegen = false) {
+    const certDir = path.join(dataPath, 'proxy-tls');
+    const certPath = path.join(certDir, 'proxy.crt');
+    const keyPath = path.join(certDir, 'proxy.key');
+    if (!fs.existsSync(certDir))
+        fs.mkdirSync(certDir, { recursive: true });
+    // 复用已有证书（未过期且 SAN 覆盖了请求的 hostnames）
+    if (!forceRegen && fs.existsSync(certPath) && fs.existsSync(keyPath)) {
+        try {
+            const certPem = fs.readFileSync(certPath, 'utf8');
+            const keyPem = fs.readFileSync(keyPath, 'utf8');
+            const cert = forge.pki.certificateFromPem(certPem);
+            const now = new Date();
+            const renewBefore = new Date(cert.validity.notAfter.getTime() - 30 * 86400_000);
+            // SAN 覆盖检查
+            const existingAlt = extractAltNames(cert);
+            const requested = normalizeAltNames(hostnames);
+            const missing = requested.filter(n => !existingAlt.includes(n));
+            if (now < renewBefore && missing.length === 0) {
+                return {
+                    cert: certPem,
+                    key: keyPem,
+                    fingerprint: computeFingerprint(certPem),
+                    notBefore: cert.validity.notBefore.getTime(),
+                    notAfter: cert.validity.notAfter.getTime(),
+                    subject: cert.subject.getField('CN')?.value || 'localhost',
+                    altNames: existingAlt
+                };
+            }
+        }
+        catch (err) {
+            console.warn('[ProxyTLS] Failed to load existing cert, regenerating:', err.message);
+        }
+    }
+    // 生成新证书
+    const keys = forge.pki.rsa.generateKeyPair(2048);
+    const cert = forge.pki.createCertificate();
+    cert.publicKey = keys.publicKey;
+    cert.serialNumber = generateSerialNumber();
+    cert.validity.notBefore = new Date();
+    cert.validity.notAfter = new Date();
+    cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 2); // 2 年有效期
+    const subject = [
+        { name: 'commonName', value: 'Kiro Reverse Proxy' },
+        { name: 'organizationName', value: 'Krouter' },
+        { name: 'countryName', value: 'CN' }
+    ];
+    cert.setSubject(subject);
+    cert.setIssuer(subject);
+    // 构造 SubjectAltName：DNS / IP 都列入，覆盖常见客户端访问场景
+    const altNames = normalizeAltNames(hostnames);
+    // node-forge 的 GeneralName 在 type defs 中不公开，用结构化对象直接传入
+    const altList = [];
+    for (const name of altNames) {
+        if (isIPv4(name) || isIPv6(name)) {
+            altList.push({ type: 7, ip: name }); // type 7 = iPAddress
+        }
+        else {
+            altList.push({ type: 2, value: name }); // type 2 = dNSName
+        }
+    }
+    cert.setExtensions([
+        { name: 'basicConstraints', cA: false, critical: true },
+        {
+            name: 'keyUsage',
+            digitalSignature: true,
+            keyEncipherment: true,
+            critical: true
+        },
+        { name: 'extKeyUsage', serverAuth: true, clientAuth: true },
+        { name: 'subjectAltName', altNames: altList }
+    ]);
+    cert.sign(keys.privateKey, forge.md.sha256.create());
+    const certPem = forge.pki.certificateToPem(cert);
+    const keyPem = forge.pki.privateKeyToPem(keys.privateKey);
+    fs.writeFileSync(certPath, certPem);
+    fs.writeFileSync(keyPath, keyPem, { mode: 0o600 }); // 私钥仅 owner 可读
+    console.log(`[ProxyTLS] Generated self-signed cert: ${certPath} (SAN=${altNames.join(',')})`);
+    return {
+        cert: certPem,
+        key: keyPem,
+        fingerprint: computeFingerprint(certPem),
+        notBefore: cert.validity.notBefore.getTime(),
+        notAfter: cert.validity.notAfter.getTime(),
+        subject: 'Kiro Reverse Proxy',
+        altNames
+    };
+}
+/**
+ * 标准化 SAN 列表：去重，确保始终包含本地访问地址
+ */
+function normalizeAltNames(extras) {
+    const set = new Set(['localhost', '127.0.0.1', '::1']);
+    for (const name of extras) {
+        const trimmed = name?.trim();
+        if (!trimmed)
+            continue;
+        // 0.0.0.0 不是有效 cert SAN（客户端永远不会真访问 0.0.0.0），跳过
+        if (trimmed === '0.0.0.0' || trimmed === '::')
+            continue;
+        set.add(trimmed);
+    }
+    return Array.from(set);
+}
+function extractAltNames(cert) {
+    const ext = cert.getExtension('subjectAltName');
+    if (!ext?.altNames)
+        return [];
+    return ext.altNames.map(a => a.ip || a.value || '').filter(Boolean);
+}
+function isIPv4(host) {
+    return /^(\d{1,3}\.){3}\d{1,3}$/.test(host);
+}
+function isIPv6(host) {
+    return host.includes(':') && !host.includes('.');
+}
+function generateSerialNumber() {
+    return crypto.randomBytes(16).toString('hex');
+}
+function computeFingerprint(certPem) {
+    // SHA-256 指纹：用 PEM body 的 DER 解码后哈希
+    const m = certPem.match(/-----BEGIN CERTIFICATE-----([\s\S]*?)-----END CERTIFICATE-----/);
+    if (!m)
+        return '';
+    const der = Buffer.from(m[1].replace(/\s/g, ''), 'base64');
+    return crypto.createHash('sha256').update(der).digest('hex').match(/.{2}/g).join(':').toUpperCase();
+}

package/out-server/main/proxy/systemProxy.js

@@ -0,0 +1,250 @@
+"use strict";
+// 系统代理检测（Windows 注册表 / macOS scutil）+ 安全 ProxyAgent 工厂
+// 含 SOCKS5/SOCKS4 代理支持（通过 socks 包 + undici Agent.connect 钩子）
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getSystemProxy = getSystemProxy;
+exports.safeCreateProxyAgent = safeCreateProxyAgent;
+const undici_1 = require("undici");
+const tls = __importStar(require("tls"));
+let _cachedSystemProxy = null;
+let _systemProxyCacheTime = 0;
+const SYSTEM_PROXY_CACHE_TTL = 30_000; // 30秒缓存
+/**
+ * 检查 URL 是否为 undici ProxyAgent 支持的协议（http / https）
+ */
+function isHttpLikeProxyUrl(url) {
+    try {
+        const u = new URL(url);
+        return u.protocol === 'http:' || u.protocol === 'https:';
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * 解析 Windows ProxyServer 注册表值，仅返回 undici 可用的 http(s) 代理 URL
+ *
+ * 可能的格式：
+ *   1) "host:port"            — 单一代理，应用于所有协议
+ *   2) "http=host:port;https=host:port;ftp=host:port;socks=host:port"
+ *                              — 按协议分别配置
+ *   3) "scheme://host:port"   — 已带 scheme（http / https / socks5 ...）
+ *
+ * 不支持 socks/socks4/socks5/pac 等非 http(s) 协议，遇到时返回 null（回退直连）
+ */
+function parseWindowsProxyServer(raw) {
+    const trimmed = raw.trim();
+    if (!trimmed)
+        return null;
+    // 形如 "http=host:port;https=host:port;socks=host:port" 的多协议格式
+    if (trimmed.includes('=')) {
+        const map = new Map();
+        for (const seg of trimmed.split(';')) {
+            const eq = seg.indexOf('=');
+            if (eq > 0) {
+                const k = seg.slice(0, eq).trim().toLowerCase();
+                const v = seg.slice(eq + 1).trim();
+                if (k && v)
+                    map.set(k, v);
+            }
+        }
+        const https = map.get('https');
+        if (https)
+            return `http://${https}`;
+        const http = map.get('http');
+        if (http)
+            return `http://${http}`;
+        return null;
+    }
+    // 已带 scheme
+    if (/^[a-z][a-z0-9+.-]*:\/\//i.test(trimmed)) {
+        return isHttpLikeProxyUrl(trimmed) ? trimmed : null;
+    }
+    // 裸的 host:port，按 http 处理
+    return `http://${trimmed}`;
+}
+function getSystemProxy() {
+    const now = Date.now();
+    if (_systemProxyCacheTime > 0 && now - _systemProxyCacheTime < SYSTEM_PROXY_CACHE_TTL) {
+        return _cachedSystemProxy;
+    }
+    try {
+        if (process.platform === 'win32') {
+            const { execSync } = require('child_process');
+            const result = execSync('reg query "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" /v ProxyEnable', { encoding: 'utf8', timeout: 3000, windowsHide: true });
+            if (result.includes('0x1')) {
+                const serverResult = execSync('reg query "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings" /v ProxyServer', { encoding: 'utf8', timeout: 3000, windowsHide: true });
+                const match = serverResult.match(/ProxyServer\s+REG_SZ\s+(.+)/);
+                if (match) {
+                    const parsed = parseWindowsProxyServer(match[1]);
+                    _cachedSystemProxy = parsed;
+                    _systemProxyCacheTime = now;
+                    return _cachedSystemProxy;
+                }
+            }
+        }
+        else if (process.platform === 'darwin') {
+            const { execSync } = require('child_process');
+            const result = execSync('scutil --proxy', { encoding: 'utf8', timeout: 3000 });
+            // 优先 HTTPS 代理，回退到 HTTP 代理（仅 undici 支持的 http/https 协议）
+            const httpsEnabled = /HTTPSEnable\s*:\s*1/.test(result);
+            if (httpsEnabled) {
+                const hostMatch = result.match(/HTTPSProxy\s*:\s*(\S+)/);
+                const portMatch = result.match(/HTTPSPort\s*:\s*(\d+)/);
+                if (hostMatch) {
+                    const proxy = `http://${hostMatch[1]}${portMatch ? ':' + portMatch[1] : ''}`;
+                    _cachedSystemProxy = proxy;
+                    _systemProxyCacheTime = now;
+                    return _cachedSystemProxy;
+                }
+            }
+            const httpEnabled = /HTTPEnable\s*:\s*1/.test(result);
+            if (httpEnabled) {
+                const hostMatch = result.match(/HTTPProxy\s*:\s*(\S+)/);
+                const portMatch = result.match(/HTTPPort\s*:\s*(\d+)/);
+                if (hostMatch) {
+                    const proxy = `http://${hostMatch[1]}${portMatch ? ':' + portMatch[1] : ''}`;
+                    _cachedSystemProxy = proxy;
+                    _systemProxyCacheTime = now;
+                    return _cachedSystemProxy;
+                }
+            }
+            // macOS 仅配 SOCKS 时 undici 不支持，静默回退直连（safeCreateProxyAgent 也会兜底）
+        }
+    }
+    catch { /* 检测失败静默回退直连 */ }
+    _cachedSystemProxy = null;
+    _systemProxyCacheTime = now;
+    return null;
+}
+/**
+ * 安全地创建 undici Dispatcher
+ *
+ * 支持协议：
+ *   - http: / https: → undici 原生 ProxyAgent
+ *   - socks5: / socks4: → 通过 socks 包 + undici Agent 的 connect 钩子实现 SOCKS 隧道
+ *
+ * URL 无效或协议无法支持时返回 undefined，让调用方回退直连，
+ * 而不会让异常向上传播阻塞业务流程。
+ */
+function safeCreateProxyAgent(proxyUrl) {
+    if (!proxyUrl)
+        return undefined;
+    // 校验 URL
+    let u;
+    try {
+        u = new URL(proxyUrl);
+    }
+    catch {
+        console.warn(`[Proxy] 代理 URL 无效: ${proxyUrl}`);
+        return undefined;
+    }
+    const protocol = u.protocol;
+    // http / https 走原生 ProxyAgent
+    if (protocol === 'http:' || protocol === 'https:') {
+        try {
+            return new undici_1.ProxyAgent({ uri: proxyUrl, requestTls: { rejectUnauthorized: false } });
+        }
+        catch (err) {
+            console.warn(`[Proxy] 创建 HTTP ProxyAgent 失败，回退直连: ${proxyUrl}`, err);
+            return undefined;
+        }
+    }
+    // SOCKS 走自定义 connect
+    if (protocol === 'socks5:' || protocol === 'socks5h:' || protocol === 'socks4:' || protocol === 'socks4a:') {
+        try {
+            return createSocksDispatcher(u);
+        }
+        catch (err) {
+            console.warn(`[Proxy] 创建 SOCKS Agent 失败，回退直连: ${proxyUrl}`, err);
+            return undefined;
+        }
+    }
+    console.warn(`[Proxy] 忽略不支持的代理协议 (仅支持 http/https/socks5/socks4): ${proxyUrl}`);
+    return undefined;
+}
+/**
+ * 通过 undici Agent 的 connect 钩子实现 SOCKS5/4 隧道
+ * 流程：socks.createConnection 建立 TCP 隧道 → 如目标是 https 再 TLS 升级 → 把 socket 交给 undici
+ */
+function createSocksDispatcher(u) {
+    const isSocks5 = u.protocol === 'socks5:' || u.protocol === 'socks5h:';
+    const type = isSocks5 ? 5 : 4;
+    const proxyHost = u.hostname;
+    const proxyPort = Number(u.port) || 1080;
+    const userId = u.username ? decodeURIComponent(u.username) : undefined;
+    const password = u.password ? decodeURIComponent(u.password) : undefined;
+    // undici Agent.connect callback 的类型签名是 (err: Error, socket: null) | (err: null, socket: Socket)
+    // 用宽松 any 包装避免严格类型不匹配，运行时行为完全正确
+    return new undici_1.Agent({
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        connect: ((options, callback) => {
+            const targetHost = options.hostname || options.host || '';
+            const targetPort = Number(options.port) || (options.protocol === 'https:' ? 443 : 80);
+            // 动态导入 socks 库
+            let SocksClient;
+            try {
+                SocksClient = require('socks').SocksClient;
+            }
+            catch (err) {
+                callback(err, null);
+                return;
+            }
+            void SocksClient.createConnection({
+                proxy: { host: proxyHost, port: proxyPort, type, userId, password },
+                command: 'connect',
+                destination: { host: targetHost, port: targetPort }
+            })
+                .then(({ socket }) => {
+                // HTTPS 需要 TLS 升级
+                if (options.protocol === 'https:') {
+                    const tlsSocket = tls.connect({
+                        socket,
+                        servername: options.servername || targetHost,
+                        rejectUnauthorized: options.rejectUnauthorized ?? false
+                    });
+                    tlsSocket.once('secureConnect', () => callback(null, tlsSocket));
+                    tlsSocket.once('error', (err) => callback(err, null));
+                }
+                else {
+                    callback(null, socket);
+                }
+            })
+                .catch((err) => callback(err, null));
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        })
+    });
+}

package/out-server/main/proxy/tokenCounter.js

@@ -0,0 +1,164 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.countTokens = countTokens;
+exports.setModelContextWindow = setModelContextWindow;
+exports.getModelContextWindow = getModelContextWindow;
+exports.getModelContextLength = getModelContextLength;
+/**
+ * Token 计数工具：使用 js-tiktoken cl100k_base 编码精确计算，
+ * 失败时降级到字节系数估算；并提供按模型 ID 查询 context 窗口大小，
+ * 以便从 Kiro 后端的 contextUsagePercentage 反推真实 input tokens。
+ */
+const js_tiktoken_1 = require("js-tiktoken");
+let encoder = null;
+let encoderInitFailed = false;
+/** 懒加载 cl100k_base 编码器（GPT-4/Claude 通用近似） */
+function getEncoder() {
+    if (encoder)
+        return encoder;
+    if (encoderInitFailed)
+        return null;
+    try {
+        encoder = (0, js_tiktoken_1.getEncoding)('cl100k_base');
+        return encoder;
+    }
+    catch (err) {
+        console.warn('[TokenCounter] Failed to load cl100k_base encoder:', err);
+        encoderInitFailed = true;
+        return null;
+    }
+}
+/**
+ * 使用 tiktoken cl100k_base 精确计算 token 数。
+ * 兜底：UTF-8 字节数 / 3.0（针对 payload JSON 经验值，误差 ±10%）。
+ */
+function countTokens(text) {
+    if (!text)
+        return 0;
+    const enc = getEncoder();
+    if (enc) {
+        try {
+            return enc.encode(text).length;
+        }
+        catch (err) {
+            console.warn('[TokenCounter] encode failed, using fallback:', err);
+        }
+    }
+    return Math.ceil(Buffer.byteLength(text, 'utf-8') / 3.0);
+}
+// ============ 模型 context 窗口缓存 ============
+// 由 proxyServer 在 fetchKiroModels 后通过 setModelContextWindow 填充
+// modelId → maxInputTokens
+const modelContextWindowCache = new Map();
+function setModelContextWindow(modelId, maxInputTokens) {
+    if (modelId && maxInputTokens > 0) {
+        modelContextWindowCache.set(modelId, maxInputTokens);
+    }
+}
+function getModelContextWindow(modelId) {
+    return modelContextWindowCache.get(modelId);
+}
+/**
+ * 归一化 model ID 用于模糊匹配：
+ *   claude-sonnet-4.5                   → claudesonnet45
+ *   CLAUDE_SONNET_4_5_20251001_V1_0     → claudesonnet45
+ *   claude-3.7-sonnet                   → claude37sonnet
+ */
+function normalizeModelId(id) {
+    return id
+        .toLowerCase()
+        .replace(/[-._]/g, '')
+        .replace(/\d{8}/g, '') // 移除日期 (20251001)
+        .replace(/v\d+$/g, '') // 移除尾部版本号 (v1)
+        .replace(/v\d+_\d+$/g, ''); // 移除 v1_0 形式
+}
+/**
+ * 从缓存中按模糊匹配查找 context window。
+ * 例如：用户传 alias `claude-sonnet-4.5`，但 cache 里存的是 CW 内部 ID
+ * `CLAUDE_SONNET_4_5_20251001_V1_0`，归一化后都是 `claudesonnet45`。
+ */
+function guessContextFromCache(modelId) {
+    if (modelContextWindowCache.size === 0)
+        return undefined;
+    const queryNorm = normalizeModelId(modelId);
+    if (!queryNorm)
+        return undefined;
+    // 精确归一化匹配
+    for (const [id, ctx] of modelContextWindowCache) {
+        if (normalizeModelId(id) === queryNorm)
+            return ctx;
+    }
+    // 双向子串匹配（处理别名简短形式）
+    for (const [id, ctx] of modelContextWindowCache) {
+        const idNorm = normalizeModelId(id);
+        if (idNorm.includes(queryNorm) || queryNorm.includes(idNorm))
+            return ctx;
+    }
+    return undefined;
+}
+/**
+ * 根据 model ID 返回 context 窗口大小（用于 contextUsagePercentage 反推 inputTokens）。
+ *
+ * 优先级：
+ *   1. 直接命中 cache（Kiro 真实拉取的 maxInputTokens，最准确）
+ *   2. 模糊匹配 cache（处理 alias ↔ CW 内部 ID 映射）
+ *   3. 关键词匹配兜底（cache 未填充时）
+ */
+function getModelContextLength(modelId) {
+    if (!modelId)
+        return 200000;
+    // 1. 优先用 Kiro 后端真实返回的 maxInputTokens
+    const cached = modelContextWindowCache.get(modelId);
+    if (cached && cached > 0)
+        return cached;
+    // 2. 模糊匹配 cache（alias ↔ CW 内部 ID）
+    const guessed = guessContextFromCache(modelId);
+    if (guessed && guessed > 0)
+        return guessed;
+    // 3. 关键词匹配兜底（首次请求 cache 未填充时使用）
+    const id = modelId.toLowerCase();
+    // Claude 系列（默认 200K）
+    if (id.includes('claude-opus-4') || id.includes('claude-sonnet-4') || id.includes('claude-haiku-4'))
+        return 200000;
+    if (id.includes('claude-3-7') || id.includes('claude-3.7'))
+        return 200000;
+    if (id.includes('claude-3-5') || id.includes('claude-3.5'))
+        return 200000;
+    if (id.includes('claude-3'))
+        return 200000;
+    if (id.includes('claude-2.1'))
+        return 200000;
+    if (id.includes('claude-2'))
+        return 100000;
+    if (id.includes('claude-instant'))
+        return 100000;
+    // GPT 系列
+    if (id.includes('gpt-4o') || id.includes('gpt-4-turbo'))
+        return 128000;
+    if (id.includes('gpt-4.1'))
+        return 1000000;
+    if (id.includes('gpt-4-32k'))
+        return 32768;
+    if (id.includes('gpt-4'))
+        return 8192;
+    if (id.includes('gpt-3.5-turbo-16k'))
+        return 16384;
+    if (id.includes('gpt-3.5'))
+        return 4096;
+    if (id.includes('o1') || id.includes('o3'))
+        return 128000;
+    // Gemini 系列
+    if (id.includes('gemini-2.5') || id.includes('gemini-2.0') || id.includes('gemini-1.5'))
+        return 1000000;
+    if (id.includes('gemini'))
+        return 32768;
+    // Amazon Titan / Nova 系列
+    if (id.includes('nova-pro') || id.includes('nova-lite'))
+        return 300000;
+    if (id.includes('nova-micro'))
+        return 128000;
+    if (id.includes('titan'))
+        return 8000;
+    // CodeWhisperer/Q Developer 内部模型一般跟 Claude 看齐
+    return 200000;
+}

package/out-server/main/proxy/toolNameRegistry.js

@@ -0,0 +1,57 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ToolNameRegistry = void 0;
+class ToolNameRegistry {
+    originalToKiro = new Map();
+    kiroToOriginal = new Map();
+    toKiroName(name) {
+        const existing = this.originalToKiro.get(name);
+        if (existing)
+            return existing;
+        const baseName = name.length <= 64 ? name : this.shorten(name);
+        const kiroName = this.ensureUnique(baseName, name);
+        this.originalToKiro.set(name, kiroName);
+        this.kiroToOriginal.set(kiroName, name);
+        return kiroName;
+    }
+    toClientName(name) {
+        return this.kiroToOriginal.get(name) || name;
+    }
+    restoreToolUse(toolUse) {
+        return {
+            ...toolUse,
+            name: this.toClientName(toolUse.name)
+        };
+    }
+    restoreToolUses(toolUses) {
+        return toolUses.map(toolUse => this.restoreToolUse(toolUse));
+    }
+    ensureUnique(baseName, originalName) {
+        const existing = this.kiroToOriginal.get(baseName);
+        if (!existing || existing === originalName)
+            return baseName;
+        const hash = this.hash(originalName);
+        const suffix = `_${hash}`;
+        const candidate = baseName.substring(0, Math.max(1, 64 - suffix.length)) + suffix;
+        const candidateExisting = this.kiroToOriginal.get(candidate);
+        if (!candidateExisting || candidateExisting === originalName)
+            return candidate;
+        throw new Error(`Tool name collision after shortening: ${originalName}`);
+    }
+    shorten(name) {
+        const hash = this.hash(name);
+        const suffix = `_${hash}`;
+        const readable = name.replace(/[^a-zA-Z0-9_-]/g, '_');
+        const maxPrefixLength = 64 - suffix.length;
+        return readable.substring(0, maxPrefixLength) + suffix;
+    }
+    hash(value) {
+        let hash = 2166136261;
+        for (let index = 0; index < value.length; index++) {
+            hash ^= value.charCodeAt(index);
+            hash = Math.imul(hash, 16777619);
+        }
+        return (hash >>> 0).toString(36);
+    }
+}
+exports.ToolNameRegistry = ToolNameRegistry;