@nick3/copilot-api 1.10.9 → 1.10.29

package/dist/{server-GxNB5Syq.js → server-DJ3_UGc4.js}

@@ -1,109 +1,26 @@
-import { A as state, D as prepareInteractionHeaders, E as prepareForCompact, I as compactAutoContinuePromptStarts, L as compactMessageSections, N as requestContext, O as prepareMessageProxyHeaders, P as resolveTraceId, S as copilotWebSocketHeaders, T as normalizeDomain, _ as HTTPError, b as copilotHeaders, c as getUUID, d as parseUserIdMetadata, f as resolveAffinityKey, g as getCopilotUsage, h as getDeviceCode, j as captureOutboundHeadersSnapshot, k as accountFromState, l as isNullish, m as getGitHubUser, o as generateRequestIdFromPayload, p as sleep, s as getRootSessionId, t as pollAccessToken, u as normalizeStableSessionId, v as forwardError, y as copilotBaseUrl, z as compactSystemPromptStarts } from "./poll-access-token-BAgM2-7k.js";
-import { a as getAccountClientIdentityByLoginAndApp, b as getCurrentIdentityEnvironment, d as loadRegistry, g as saveRegistry, h as saveAccountToken, l as listAccountsFromRegistry, m as removeAccountToken, p as removeAccountFromRegistry, r as addAccountToRegistry, t as isAccountType } from "./account-COtMmvzU.js";
-import { r as ensurePaths, t as PATHS } from "./paths-CclKwouX.js";
-import { i as getRequestOutboundStore, r as getRedactedHeaderKeys } from "./request-outbound-Pu1kp2x8.js";
-import { a as isDeferredToolName, c as parseMcpToolSearchSentinel, i as isBridgeToolSearchName, l as selectDeferredToolsByNames, o as listDeferredToolNames, r as formatToolSearchBridgeArguments, s as normalizeToolSearchBridgeArguments, t as BRIDGE_TOOL_SEARCH_NAME, u as shouldEnableResponsesToolSearch } from "./tool-search-BrN7M0Dd.js";
-import { A as getModelRefreshIntervalMs, B as isResponsesApiWebSocketEnabled, C as getAnthropicApiKey, D as getLogLevel, E as getExtraPromptForModel, F as isForceAgentEnabled, H as resolveModelAlias, I as isMessageStartInputTokensFallbackEnabled, L as isMessagesApiEnabled, M as getReasoningEffortForModel, N as getSmallModel, O as getModelAliases, P as isAccountAffinityEnabled, R as isResponsesApiContextManagementModel, S as getAliasTargetSet, T as getConfig, U as shouldCompactUseSmallModel, V as mergeConfigWithDefaults, _ as toLocalDateString, b as isDevModeEnabled, c as applySharedSessionAffinityRetention, d as getClientIpInfo, f as getRequestHistoryStore, g as normalizeMessagesUsage, h as normalizeEmbeddingsUsage, j as getProviderConfig, k as getModelAliasesInfo, l as extractResponsesUsageFromResult, m as normalizeChatCompletionsUsage, o as updateQuotaRefreshSchedulerFromConfig, p as getStatsStore, s as accountsManager, t as getProxyEnvDispatcher, u as extractResponsesUsageFromStreamEvent, v as copilotFetch, w as getClaudeTokenMultiplier, x as PROVIDER_TYPE_ANTHROPIC, y as flushPendingCapture, z as isResponsesApiWebSearchEnabled } from "./proxy-_U-hgwIn.js";
+import { A as accountFromState, B as compactSystemPromptStarts, C as copilotHeaders, D as prepareForCompact, E as normalizeDomain, F as resolveTraceId, L as compactAutoContinuePromptStarts, M as captureOutboundHeadersSnapshot, O as prepareInteractionHeaders, P as requestContext, R as compactMessageSections, S as copilotBaseUrl, T as copilotWebSocketHeaders, b as HTTPError, c as getUUID, d as parseUserIdMetadata, f as resolveAffinityKey, g as getCopilotUsage, h as getDeviceCode, j as state, k as prepareMessageProxyHeaders, l as isNullish, m as getGitHubUser, o as generateRequestIdFromPayload, p as sleep, s as getRootSessionId, t as pollAccessToken, u as normalizeStableSessionId, v as getProxyEnvDispatcher, x as forwardError } from "./poll-access-token-GzVkiTH8.js";
+import { a as getAccountClientIdentityByLoginAndApp, b as getCurrentIdentityEnvironment, d as loadRegistry, g as saveRegistry, h as saveAccountToken, l as listAccountsFromRegistry, m as removeAccountToken, p as removeAccountFromRegistry, r as addAccountToRegistry, t as isAccountType } from "./account-DpW8RaT6.js";
+import { r as ensurePaths, t as PATHS } from "./paths-Bpsb62LK.js";
+import { C as isResponsesApiWebSocketEnabled, E as resolveModelAlias, O as shouldCompactUseSmallModel, S as isResponsesApiWebSearchEnabled, T as mergeConfigWithDefaults, _ as isAccountAffinityEnabled, a as getConfig, b as isMessagesApiEnabled, c as getModelAliases, d as getProviderConfig, g as getSmallModel, i as getClaudeTokenMultiplier, l as getModelAliasesInfo, m as getReasoningEffortForModel, n as getAliasTargetSet, o as getExtraPromptForModel, r as getAnthropicApiKey, s as getLogLevel, t as PROVIDER_TYPE_ANTHROPIC, u as getModelRefreshIntervalMs, v as isForceAgentEnabled, x as isResponsesApiContextManagementEnabled, y as isMessageStartInputTokensFallbackEnabled } from "./config-CmhIPHn_.js";
+import { i as getRequestOutboundStore, r as getRedactedHeaderKeys } from "./request-outbound-DZTxxtcx.js";
+import { i as isMcpHttpEnabledFromEnv, n as DEFAULT_MCP_HTTP_PATH } from "./mcp-http-config-DMdUDz1D.js";
+import { a as isDeferredToolName, c as parseMcpToolSearchSentinel, i as isBridgeToolSearchName, l as selectDeferredToolsByNames, n as BRIDGE_TOOL_SEARCH_NAME, o as listDeferredToolNames, r as formatToolSearchBridgeArguments, s as normalizeToolSearchBridgeArguments, u as shouldEnableResponsesToolSearch } from "./mcp-server-DEqHrXFq.js";
+import { n as handleStreamableHttpMcpRequest, r as mcpHttpCorsOptions } from "./mcp-http-DI4Vz01p.js";
+import { S as createAuthMiddleware, _ as normalizeMessagesUsage, b as flushPendingCapture, c as accountsManager, d as extractResponsesUsageFromStreamEvent, f as getClientIpInfo, g as normalizeEmbeddingsUsage, h as normalizeChatCompletionsUsage, l as applySharedSessionAffinityRetention, m as getStatsStore, p as getRequestHistoryStore, s as updateQuotaRefreshSchedulerFromConfig, t as closeResponsesBridge, u as extractResponsesUsageFromResult, v as toLocalDateString, x as isDevModeEnabled, y as copilotFetch } from "./responses-bridge-registry-BJ5Sbh6-.js";
 import consola from "consola";
 import fs, { readFile } from "node:fs/promises";
-import { createHash, randomUUID, timingSafeEqual } from "node:crypto";
+import { createHash, randomUUID } from "node:crypto";
 import * as path$1 from "node:path";
 import path from "node:path";
-import { fileURLToPath } from "node:url";
+import { events } from "fetch-event-stream";
 import fs$1, { existsSync } from "node:fs";
+import { WebSocket } from "undici";
+import { fileURLToPath } from "node:url";
 import { Hono } from "hono";
 import { cors } from "hono/cors";
 import { logger } from "hono/logger";
 import { streamSSE } from "hono/streaming";
-import { events } from "fetch-event-stream";
 import util from "node:util";
-import { WebSocket } from "undici";
-//#region src/lib/request-auth.ts
-const LEGACY_API_KEY_ENV_VAR = "COPILOT_API_KEY";
-let warnedLegacyEnvFallback = false;
-let warnedLegacyConfigFallback = false;
-function normalizeApiKeys(apiKeys) {
-	if (!Array.isArray(apiKeys)) {
-		if (apiKeys !== void 0) consola.warn("Invalid auth.apiKeys config. Expected an array of strings.");
-		return [];
-	}
-	const normalizedKeys = apiKeys.filter((key) => typeof key === "string").map((key) => key.trim()).filter((key) => key.length > 0);
-	if (normalizedKeys.length !== apiKeys.length) consola.warn("Invalid auth.apiKeys entries found. Only non-empty strings are allowed.");
-	return [...new Set(normalizedKeys)];
-}
-function getConfiguredApiKeys() {
-	const config = getConfig();
-	const configuredApiKeys = normalizeApiKeys(config.auth?.apiKeys);
-	if (configuredApiKeys.length > 0) return configuredApiKeys;
-	const envApiKey = process.env[LEGACY_API_KEY_ENV_VAR]?.trim();
-	if (envApiKey) {
-		if (!warnedLegacyEnvFallback) {
-			warnedLegacyEnvFallback = true;
-			consola.warn(`Using legacy ${LEGACY_API_KEY_ENV_VAR}. Please migrate to config.auth.apiKeys.`);
-		}
-		return [envApiKey];
-	}
-	const legacyConfigApiKey = config.apiKey?.trim();
-	if (legacyConfigApiKey) {
-		if (!warnedLegacyConfigFallback) {
-			warnedLegacyConfigFallback = true;
-			consola.warn("Using deprecated config.apiKey. Please migrate to config.auth.apiKeys.");
-		}
-		return [legacyConfigApiKey];
-	}
-	return configuredApiKeys;
-}
-function extractRequestApiKey(c) {
-	const xApiKey = c.req.header("x-api-key")?.trim();
-	if (xApiKey) return xApiKey;
-	const authorization = c.req.header("authorization");
-	if (!authorization) return null;
-	const [scheme, ...rest] = authorization.trim().split(/\s+/);
-	if (scheme.toLowerCase() !== "bearer") return null;
-	return rest.join(" ").trim() || null;
-}
-function createUnauthorizedResponse(c) {
-	c.header("WWW-Authenticate", "Bearer realm=\"copilot-api\"");
-	return c.json({ error: {
-		message: "Unauthorized. Provide Authorization: Bearer <key> or x-api-key.",
-		type: "unauthorized"
-	} }, 401);
-}
-function normalizePathname(pathname) {
-	if (pathname.length > 1 && pathname.endsWith("/")) return pathname.slice(0, -1);
-	return pathname;
-}
-function hasPrefixBoundary(pathname, prefix) {
-	return pathname === prefix || pathname.startsWith(`${prefix}/`);
-}
-function timingSafeKeyCompare(a, b) {
-	try {
-		const aBuf = Buffer.from(a);
-		const bBuf = Buffer.from(b);
-		if (aBuf.length !== bBuf.length) return false;
-		return timingSafeEqual(aBuf, bBuf);
-	} catch {
-		return false;
-	}
-}
-function createAuthMiddleware(options = {}) {
-	const getApiKeys = options.getApiKeys ?? getConfiguredApiKeys;
-	const allowUnauthenticatedPaths = new Set((options.allowUnauthenticatedPaths ?? ["/"]).map((path) => normalizePathname(path)));
-	const allowUnauthenticatedPathPrefixes = (options.allowUnauthenticatedPathPrefixes ?? []).map((path) => normalizePathname(path));
-	const allowOptionsBypass = options.allowOptionsBypass ?? true;
-	return async (c, next) => {
-		if (allowOptionsBypass && c.req.method === "OPTIONS") return next();
-		const pathname = normalizePathname(new URL(c.req.url, "http://local").pathname);
-		if (allowUnauthenticatedPaths.has(pathname)) return next();
-		if (allowUnauthenticatedPathPrefixes.some((prefix) => hasPrefixBoundary(pathname, prefix))) return next();
-		const apiKeys = getApiKeys();
-		if (apiKeys.length === 0) return next();
-		const requestApiKey = extractRequestApiKey(c);
-		if (!(requestApiKey ? apiKeys.some((apiKey) => timingSafeKeyCompare(requestApiKey, apiKey)) : false)) return createUnauthorizedResponse(c);
-		return next();
-	};
-}
-//#endregion
 //#region src/lib/trace.ts
 const traceIdMiddleware = async (c, next) => {
 	const traceId = resolveTraceId(c.req.header("x-trace-id"));
@@ -112,7 +29,7 @@ const traceIdMiddleware = async (c, next) => {
 		traceId,
 		startTime: Date.now(),
 		userAgent: c.req.header("user-agent") || "",
-		sessionAffinity: c.req.header("x-session-affinity"),
+		sessionAffinity: c.req.header("x-session-affinity") ?? c.req.header("x-client-request-id"),
 		parentSessionId: c.req.header("x-parent-session-id")
 	};
 	await requestContext.run(context, async () => {
@@ -302,7 +219,7 @@ const findEndpointModel = (sdkModelId) => {
 	const models = getAvailableModels();
 	const exactMatch = models.find((m) => m.id === sdkModelId);
 	if (exactMatch) return exactMatch;
-	const normalized = _normalizeSdkModelId(sdkModelId);
+	const normalized = normalizeSdkModelId(sdkModelId);
 	if (!normalized) return;
 	const modelName = `claude-${normalized.family}-${normalized.version}`;
 	return models.find((m) => m.id === modelName);
@@ -317,22 +234,22 @@ const findEndpointModel = (sdkModelId) => {
 * - "claude-haiku-3-5-20250514" -> { family: "haiku", version: "3.5" }
 * - "claude-haiku-4.5" -> { family: "haiku", version: "4.5" }
 */
-const _normalizeSdkModelId = (sdkModelId) => {
+const normalizeSdkModelId = (sdkModelId) => {
 	const withoutDate = sdkModelId.toLowerCase().replace(/-\d{8}$/, "");
-	const pattern1 = withoutDate.match(/^claude-(\w+)-(\d+)-(\d+)$/);
+	const pattern1 = withoutDate.match(/^claude-(\w+)-(\d+)\.(\d+)$/);
 	if (pattern1) return {
 		family: pattern1[1],
 		version: `${pattern1[2]}.${pattern1[3]}`
 	};
-	const pattern2 = withoutDate.match(/^claude-(\d+)-(\d+)-(\w+)$/);
+	const pattern2 = withoutDate.match(/^claude-(\w+)-(\d+)-(\d+)$/);
 	if (pattern2) return {
-		family: pattern2[3],
-		version: `${pattern2[1]}.${pattern2[2]}`
+		family: pattern2[1],
+		version: `${pattern2[2]}.${pattern2[3]}`
 	};
-	const pattern3 = withoutDate.match(/^claude-(\w+)-(\d+)\.(\d+)$/);
+	const pattern3 = withoutDate.match(/^claude-(\d+)-(\d+)-(\w+)$/);
 	if (pattern3) return {
-		family: pattern3[1],
-		version: `${pattern3[2]}.${pattern3[3]}`
+		family: pattern3[3],
+		version: `${pattern3[1]}.${pattern3[2]}`
 	};
 	const pattern4 = withoutDate.match(/^claude-(\w+)-(\d+)$/);
 	if (pattern4) return {
@@ -411,7 +328,7 @@ const logCopilotQuotaSnapshots = (snapshots) => {
 const logCopilotRateLimitUsage = (usage) => {
 	const d = new Date(usage.resetAt);
 	const dateStr = Number.isNaN(d.getTime()) ? usage.resetAt : d.toLocaleString();
-	consola.info(`Copilot ${usage.type} quota remaining: ${usage.remaining}, resets at: ${dateStr}`);
+	consola.log(`Copilot ${usage.type} quota remaining: ${usage.remaining}, resets at: ${dateStr}`);
 };
 const isCopilotQuotaSnapshot = (value) => {
 	if (!value || typeof value !== "object") return false;
@@ -693,10 +610,95 @@ const getTokenCount = async (payload, model) => {
 		output: outputTokens
 	};
 };
+const SYSTEM_REMINDER_START = "<system-reminder>";
+const SYSTEM_REMINDER_END = "</system-reminder>";
+const SUBAGENT_START_HOOK_ADDITIONAL_PREFIX = "SubagentStart hook additional";
 const IDE_EXECUTE_CODE_TOOL = "mcp__ide__executeCode";
 const IDE_GET_DIAGNOSTICS_TOOL = "mcp__ide__getDiagnostics";
 const IDE_GET_DIAGNOSTICS_DESCRIPTION = "Get language diagnostics from VS Code. Returns errors, warnings, information, and hints for files in the workspace.";
 const PDF_FILE_READ_PREFIX = "PDF file read:";
+const createTextBlock = (text) => ({
+	type: "text",
+	text
+});
+const appendTextSegment = (base, addition) => {
+	if (base.length === 0) return addition;
+	if (addition.length === 0) return base;
+	return `${base}\n\n${addition}`;
+};
+const ensureSystemReminderText = (text) => {
+	if (text.startsWith(SYSTEM_REMINDER_START)) return text;
+	return `${SYSTEM_REMINDER_START}\n${text.trim()}\n${SYSTEM_REMINDER_END}`;
+};
+const normalizeSystemStringForMerge = (text) => {
+	if (!text.startsWith(SUBAGENT_START_HOOK_ADDITIONAL_PREFIX)) return ensureSystemReminderText(text);
+	const lineBreakMatch = /\r?\n/.exec(text);
+	if (!lineBreakMatch) return [createTextBlock(ensureSystemReminderText(text))];
+	const firstLine = text.slice(0, lineBreakMatch.index);
+	const rest = text.slice(lineBreakMatch.index + lineBreakMatch[0].length);
+	return [createTextBlock(ensureSystemReminderText(firstLine)), ...rest.length > 0 ? [createTextBlock(ensureSystemReminderText(rest))] : []];
+};
+const normalizeSystemContentForMerge = (content) => {
+	if (typeof content === "string") return normalizeSystemStringForMerge(content);
+	return content.map((block) => block.text.startsWith(SYSTEM_REMINDER_START) ? block : {
+		...block,
+		text: ensureSystemReminderText(block.text)
+	});
+};
+const toSystemTextBlocks = (content) => {
+	return typeof content === "string" ? [createTextBlock(content)] : [...content];
+};
+const mergeSystemPromptContent = (current, addition) => {
+	if (current === void 0) return typeof addition === "string" ? addition : [...addition];
+	if (typeof current === "string" && typeof addition === "string") return appendTextSegment(current, addition);
+	return [...toSystemTextBlocks(current), ...toSystemTextBlocks(addition)];
+};
+const prependSystemContentToUserMessage = (message, addition) => {
+	if (typeof message.content === "string" && typeof addition === "string") {
+		message.content = appendTextSegment(addition, message.content);
+		return;
+	}
+	if (Array.isArray(message.content)) {
+		const lastToolResultIndex = message.content.findLastIndex((block) => block.type === "tool_result");
+		if (lastToolResultIndex >= 0) {
+			message.content = [
+				...message.content.slice(0, lastToolResultIndex + 1),
+				...toSystemTextBlocks(addition),
+				...message.content.slice(lastToolResultIndex + 1)
+			];
+			return;
+		}
+	}
+	message.content = [...toSystemTextBlocks(addition), ...typeof message.content === "string" ? [createTextBlock(message.content)] : message.content];
+};
+const normalizeSystemMessages = (payload) => {
+	if (!Array.isArray(payload.messages) || !payload.messages.some((msg) => msg.role === "system")) return;
+	const normalizedMessages = [];
+	let system = payload.system;
+	for (const message of payload.messages) {
+		if (message.role === "system") {
+			const normalizedContent = normalizeSystemContentForMerge(message.content);
+			const previousMessage = normalizedMessages.at(-1);
+			if (previousMessage?.role === "user") prependSystemContentToUserMessage(previousMessage, normalizedContent);
+			else if (!previousMessage) system = mergeSystemPromptContent(system, normalizedContent);
+			continue;
+		}
+		normalizedMessages.push(message);
+	}
+	payload.messages = normalizedMessages;
+	payload.system = system;
+};
+const isVersionAtLeast = (version, minimumMajor, minimumMinor) => {
+	const [majorPart, minorPart = "0"] = version.split(".");
+	const major = Number.parseInt(majorPart, 10);
+	const minor = Number.parseInt(minorPart, 10);
+	if (!Number.isInteger(major) || !Number.isInteger(minor)) return false;
+	return major > minimumMajor || major === minimumMajor && minor >= minimumMinor;
+};
+const shouldSummarizeThinkingDisplayForModel = (model) => {
+	const normalized = normalizeSdkModelId(model);
+	return Boolean(normalized && isVersionAtLeast(normalized.version, 4, 7));
+};
 const getBlockCacheControl = (block) => {
 	if (!block || block.type === "thinking") return;
 	const cacheControl = block.cache_control;
@@ -966,7 +968,7 @@ const prepareMessagesApiPayload = (payload, selectedModel) => {
 	if (selectedModel?.capabilities.supports.adaptive_thinking && !disableThink) {
 		payload.thinking = { type: "adaptive" };
 		if (!hasThinking) payload.thinking.display = "summarized";
-		if (payload.model === "claude-opus-4.7") payload.thinking.display = "summarized";
+		if (shouldSummarizeThinkingDisplayForModel(payload.model)) payload.thinking.display = "summarized";
 		let effort = getReasoningEffortForModel(payload.model);
 		if (effort === "none" || effort === "minimal") effort = "low";
 		const reasoningEffort = selectedModel.capabilities.supports.reasoning_effort;
@@ -1884,7 +1886,11 @@ const PROVIDER_CONFIG_FIELDS = [
 	"models",
 	"adjustInputTokens"
 ];
-const PROVIDER_AUTH_TYPES = ["authorization", "x-api-key"];
+const PROVIDER_AUTH_TYPES = [
+	"authorization",
+	"oauth2",
+	"x-api-key"
+];
 const PROVIDER_CONFIG_KEYS = new Set(PROVIDER_CONFIG_FIELDS);
 function isProviderAuthType(value) {
 	return PROVIDER_AUTH_TYPES.includes(value);
@@ -4548,6 +4554,7 @@ async function handleProviderCountTokens(c) {
 }
 async function handleProviderCountTokensForProvider(c, options) {
 	const { payload: anthropicPayload, provider } = options;
+	normalizeSystemMessages(anthropicPayload);
 	const providerConfig = resolveProviderConfig$2(c, provider);
 	if (!providerConfig) return c.json({ error: {
 		message: `Provider '${provider}' not found or disabled`,
@@ -4559,7 +4566,7 @@ async function handleProviderCountTokensForProvider(c, options) {
 	} }, 400);
 	const modelId = anthropicPayload.model.trim();
 	const modelConfig = providerConfig.models?.[modelId];
-	const translationOptions = providerConfig.type === "openai-compatible" ? {
+	const translationOptions = providerConfig.type === "openai-compatible" || providerConfig.type === "openai-responses" ? {
 		supportPdf: modelConfig?.supportPdf,
 		toolContentSupportType: modelConfig?.toolContentSupportType ?? []
 	} : void 0;
@@ -4639,6 +4646,7 @@ async function countTokensViaAnthropic(c, payload) {
 async function handleCountTokens(c) {
 	const anthropicPayload = await c.req.json();
 	anthropicPayload.model = resolveModelAlias(anthropicPayload.model);
+	normalizeSystemMessages(anthropicPayload);
 	const providerModelAlias = resolveExistingProviderModelAlias(anthropicPayload.model, getProviderConfigResolver$1(c));
 	if (providerModelAlias) {
 		anthropicPayload.model = providerModelAlias.model;
@@ -4676,7 +4684,7 @@ async function handleCountTokens(c) {
 //#endregion
 //#region src/services/copilot/create-responses.ts
 const RESPONSES_WEBSOCKET_IDLE_TIMEOUT_MS = 6e4;
-const createResponses = async (payload, { vision, initiator, upstreamRequestId, subagentMarker, sessionId, compactType, requestId, fetchImpl, transport = "http" }, account) => {
+const createResponses = async (payload, { vision, initiator, upstreamRequestId, subagentMarker, sessionId, compactType, requestId, fetchImpl, transport = "http", bridgeId }, account) => {
 	const ctx = account ?? accountFromState();
 	if (!ctx.copilotToken) throw new Error("Copilot token not found");
 	const effectiveInitiator = resolveEffectiveInitiator(initiator, {
@@ -4696,7 +4704,9 @@ const createResponses = async (payload, { vision, initiator, upstreamRequestId,
 		const stream = createPooledResponsesWebSocketStream(prepareResponsesWebSocketRequest(payload, headers, {
 			copilotToken: ctx.copilotToken,
 			requestId: requestId ?? upstreamRequestId ?? "missing-request-id",
-			subagentMarker
+			sessionId,
+			subagentMarker,
+			bridgeId
 		}), copilotBaseUrl(ctx));
 		if (payload.stream) return stream;
 		return await consumeResponsesWebSocketStream(stream);
@@ -4729,20 +4739,22 @@ const prepareResponsesWebSocketRequest = (payload, preparedHeaders, options) =>
 	return {
 		headers: copilotWebSocketHeaders(preparedHeaders),
 		poolKey: buildResponsesWebSocketPoolKey(payload, options),
-		payload: buildResponsesWebSocketPayload(payload, initiator)
+		payload: buildResponsesWebSocketPayload(payload, initiator),
+		bridgeId: options.bridgeId
 	};
 };
-const buildResponsesWebSocketPoolKey = (payload, { copilotToken, requestId, subagentMarker }) => {
+const buildResponsesWebSocketPoolKey = (payload, { copilotToken, requestId, sessionId, subagentMarker }) => {
 	const tokenFingerprint = copilotToken ? createHash("sha256").update(copilotToken).digest("hex").slice(0, 16) : "missing-token";
 	const subagentKey = subagentMarker ? [
 		subagentMarker.session_id,
 		subagentMarker.agent_id,
 		subagentMarker.agent_type
 	].join(":") : "main";
+	const connectionAffinityKey = sessionId ?? requestId;
 	return [
 		tokenFingerprint,
 		payload.model,
-		requestId,
+		connectionAffinityKey,
 		subagentKey
 	].map(encodePoolKeyPart).join("|");
 };
@@ -4797,6 +4809,7 @@ const getResponsesWebSocketRequestTarget = (request, baseUrl) => {
 	const existing = responsesWebSocketPool.get(request.poolKey);
 	if (existing && !existing.closed) {
 		clearResponsesWebSocketIdleTimer(existing);
+		existing.bridgeId = request.bridgeId;
 		return {
 			entry: existing,
 			pooled: true
@@ -4817,13 +4830,16 @@ const createResponsesWebSocketEntry = (request, baseUrl) => {
 		websocketPromise: openResponsesWebSocket({
 			headers: request.headers,
 			url: buildResponsesWebSocketUrl(baseUrl)
-		})
+		}),
+		bridgeId: request.bridgeId
 	};
 	entry.websocketPromise.then((websocket) => {
 		websocket.addEventListener("close", () => {
+			maybeCloseResponsesBridgeForReapedEntry(request.poolKey, entry);
 			removeResponsesWebSocketPoolEntry(request.poolKey, entry);
 		});
 		websocket.addEventListener("error", () => {
+			maybeCloseResponsesBridgeForReapedEntry(request.poolKey, entry);
 			removeResponsesWebSocketPoolEntry(request.poolKey, entry);
 		});
 	}).catch(() => {
@@ -4831,6 +4847,10 @@ const createResponsesWebSocketEntry = (request, baseUrl) => {
 	});
 	return entry;
 };
+const maybeCloseResponsesBridgeForReapedEntry = (poolKey, entry) => {
+	if (entry.bridgeId === void 0 || entry.requestCount > 0 || responsesWebSocketPool.get(poolKey) !== entry) return;
+	closeResponsesBridge(entry.bridgeId);
+};
 const acquireResponsesWebSocketEntry = (poolKey, entry, pooled) => {
 	clearResponsesWebSocketIdleTimer(entry);
 	incrementResponsesWebSocketActiveRequestCount(poolKey);
@@ -4862,6 +4882,7 @@ const getReadyResponsesWebSocket = async (poolKey, entry, pooled) => {
 const scheduleResponsesWebSocketIdleClose = (poolKey, entry) => {
 	clearResponsesWebSocketIdleTimer(entry);
 	entry.idleTimer = setTimeout(() => {
+		maybeCloseResponsesBridgeForReapedEntry(poolKey, entry);
 		removeResponsesWebSocketPoolEntry(poolKey, entry);
 	}, RESPONSES_WEBSOCKET_IDLE_TIMEOUT_MS);
 	unrefTimer(entry.idleTimer);
@@ -5408,7 +5429,7 @@ const translateResponsesResultToAnthropic = (response, options) => {
 	const usage = mapResponsesUsage(response);
 	let anthropicContent = fallbackContentBlocks(response.output_text);
 	if (contentBlocks.length > 0) anthropicContent = contentBlocks;
-	const stopReason = mapResponsesStopReason(response);
+	const stopReason = mapResponsesStopReason(response, options);
 	return {
 		id: response.id,
 		type: "message",
@@ -5422,6 +5443,7 @@ const translateResponsesResultToAnthropic = (response, options) => {
 };
 const mapOutputToAnthropicContent = (output, options) => {
 	const contentBlocks = [];
+	if (!output) output = [];
 	for (const item of output) switch (item.type) {
 		case "reasoning": {
 			const thinkingText = extractReasoningText(item);
@@ -5562,9 +5584,10 @@ const fallbackContentBlocks = (outputText) => {
 		text: outputText
 	}];
 };
-const mapResponsesStopReason = (response) => {
+const mapResponsesStopReason = (response, options) => {
 	const { status, incomplete_details: incompleteDetails } = response;
 	if (status === "completed") {
+		if (!response.output || response.output.length === 0) return options?.hasToolCall ? "tool_use" : "end_turn";
 		if (response.output.some((item) => item.type === "function_call" || item.type === "tool_search_call")) return "tool_use";
 		return "end_turn";
 	}
@@ -5992,7 +6015,7 @@ function closeThinkingBlockIfOpen(state, events) {
 	}
 }
 //#endregion
-//#region src/services/providers/anthropic-proxy.ts
+//#region src/services/providers/provider-proxy.ts
 const SHARED_FORWARDABLE_HEADERS = ["accept", "user-agent"];
 const ANTHROPIC_FORWARDABLE_HEADERS = ["anthropic-version", "anthropic-beta"];
 const STRIPPED_RESPONSE_HEADERS = [
@@ -6009,8 +6032,8 @@ const STRIPPED_RESPONSE_HEADERS = [
 ];
 function buildProviderUpstreamHeaders(providerConfig, requestHeaders) {
 	const authHeaders = {};
-	if (providerConfig.authType === "authorization") authHeaders.authorization = `Bearer ${providerConfig.apiKey}`;
-	else authHeaders["x-api-key"] = providerConfig.apiKey;
+	if (providerConfig.authType === "x-api-key") authHeaders["x-api-key"] = providerConfig.apiKey;
+	else authHeaders.authorization = `Bearer ${providerConfig.apiKey}`;
 	const headers = {
 		"content-type": "application/json",
 		accept: "application/json",
@@ -6027,10 +6050,10 @@ function buildProviderUpstreamHeaders(providerConfig, requestHeaders) {
 	}
 	return headers;
 }
-function createProviderProxyResponse(upstreamResponse) {
+function createProviderProxyResponse(upstreamResponse, body) {
 	const headers = new Headers(upstreamResponse.headers);
 	for (const headerName of STRIPPED_RESPONSE_HEADERS) headers.delete(headerName);
-	return new Response(upstreamResponse.body, {
+	return new Response(body ?? upstreamResponse.body, {
 		headers,
 		status: upstreamResponse.status,
 		statusText: upstreamResponse.statusText
@@ -6528,7 +6551,8 @@ const createResponsesStreamState = (options) => ({
 	openBlocks: /* @__PURE__ */ new Set(),
 	blockHasDelta: /* @__PURE__ */ new Set(),
 	functionCallStateByOutputIndex: /* @__PURE__ */ new Map(),
-	toolSearchName: options?.toolSearchName ?? "mcp__tool_search__search"
+	toolSearchName: options?.toolSearchName ?? "mcp__tool_search__search",
+	hasToolCall: false
 });
 const translateResponsesStreamEvent = (rawEvent, state) => {
 	switch (rawEvent.type) {
@@ -6776,7 +6800,10 @@ const handleResponseCompleted = (rawEvent, state) => {
 	const events = new Array();
 	closeAllOpenBlocks(state, events);
 	state.responseStatus = response.status;
-	const anthropic = translateResponsesResultToAnthropic(response);
+	const anthropic = translateResponsesResultToAnthropic(response, {
+		hasToolCall: state.hasToolCall,
+		toolSearchName: state.toolSearchName
+	});
 	events.push({
 		type: "message_delta",
 		delta: {
@@ -6908,6 +6935,7 @@ const buildErrorEvent = (message) => ({
 const getBlockKey = (outputIndex, contentIndex) => `${outputIndex}:${contentIndex}`;
 const openFunctionCallBlock = (state, params) => {
 	const { outputIndex, toolCallId, name, events } = params;
+	state.hasToolCall = true;
 	let functionCallState = state.functionCallStateByOutputIndex.get(outputIndex);
 	if (!functionCallState) {
 		const blockIndex = state.nextContentBlockIndex;
@@ -6961,8 +6989,9 @@ const stringifyToolSearchArguments = (argumentsValue) => {
 		return;
 	}
 };
+const DEFAULT_RESPONSES_COMPACT_THRESHOLD_RATIO = .9;
 const responsesUtilsDependencies = {
-	isResponsesApiContextManagementModel,
+	isResponsesApiContextManagementEnabled,
 	isResponsesApiWebSocketEnabled
 };
 const getResponsesRequestOptions = (payload) => {
@@ -6992,18 +7021,35 @@ const isAgentRole = (item) => {
 const hasVisionInput$1 = (payload) => {
 	return getPayloadItems(payload).some((item) => containsVisionContent(item));
 };
-const resolveResponsesCompactThreshold = (maxPromptTokens) => {
-	if (typeof maxPromptTokens === "number" && maxPromptTokens > 0) return Math.floor(maxPromptTokens * .9);
-	return 5e4;
+"" + [
+	"iVBORw0KGgoAAAANSUhEUgAAAGAAAAAgCAMAAADaHo1mAAADAFBMVEX///8fKTfR1dsAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+	"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+	"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+	"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+	"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+	"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+	"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+	"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+	"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+	"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+	"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+	"AAAAAAAAAAAAAAAAAAAAAACae8QWAAAAvElEQVR42u1WixKAIAhj/f9Hdz2BXJiVed3pVSYtpgwsGSo3GaRq6wSd4F8EyIJx",
+	"ydSUAMB8il51sHT2fiVQu8czguQwXWAyFvswIJhmoS9gmzYlcFiHj1aAgzcJVgCyguYhAhNZmMhYQZs1EJnnIAqKiuHjSrZT",
+	"ucSQ4s8JkKDDIYr3IuR8vEWgqroKP9b1bYKk2wfgeVmqATQLXdXamsXdEKkz3QXEEeTTuWWImMhW6qci94/+hwSVf99HqVoD",
+	"OAuj2SEAAAAASUVORK5CYII="
+].join("");
+const resolveResponsesCompactThreshold = (maxPromptTokens, compactThresholdRatio = DEFAULT_RESPONSES_COMPACT_THRESHOLD_RATIO) => {
+	if (typeof maxPromptTokens === "number" && maxPromptTokens > 0) return Math.floor(maxPromptTokens * compactThresholdRatio);
+	return 2e5 * compactThresholdRatio;
 };
 const createCompactionContextManagement = (compactThreshold) => [{
 	type: "compaction",
 	compact_threshold: compactThreshold
 }];
-const applyResponsesApiContextManagement = (payload, maxPromptTokens) => {
+const applyResponsesApiContextManagement = (payload, maxPromptTokens, compactThresholdRatio = DEFAULT_RESPONSES_COMPACT_THRESHOLD_RATIO) => {
 	if (payload.context_management !== void 0) return;
-	if (!responsesUtilsDependencies.isResponsesApiContextManagementModel(payload.model)) return;
-	payload.context_management = createCompactionContextManagement(resolveResponsesCompactThreshold(maxPromptTokens));
+	if (!responsesUtilsDependencies.isResponsesApiContextManagementEnabled()) return;
+	payload.context_management = createCompactionContextManagement(resolveResponsesCompactThreshold(maxPromptTokens, compactThresholdRatio));
 };
 const compactInputByLatestCompaction = (payload) => {
 	if (!Array.isArray(payload.input) || payload.input.length === 0) return;
@@ -7106,7 +7152,7 @@ const buildMessagesHeaders = ({ ctx, enableVision, initiator, options, payload }
 	};
 	prepareInteractionHeaders(options?.sessionId, Boolean(options?.subagentMarker), headers);
 	prepareForCompact(headers, options?.compactType);
-	if (shouldUseMessageProxyHeaders(payload)) prepareMessageProxyHeaders(headers);
+	if (shouldUseMessageProxyHeaders(payload) && payload.model !== "claude-opus-4.8") prepareMessageProxyHeaders(headers);
 	const anthropicBeta = buildAnthropicBetaHeader(options?.anthropicBetaHeader, payload.thinking, payload.model);
 	if (anthropicBeta) headers["anthropic-beta"] = anthropicBeta;
 	return headers;
@@ -7364,6 +7410,7 @@ async function handleCompletion(c) {
 	const path = new URL(c.req.url, "http://local").pathname;
 	const { ip: clientIp, source: clientIpSource } = getClientIpInfo(c);
 	const userAgent = c.req.header("user-agent") ?? void 0;
+	normalizeSystemMessages(anthropicPayload);
 	sanitizeIdeTools(anthropicPayload);
 	debugJson(logger$3, "Anthropic request payload:", anthropicPayload);
 	const markerInspection = inspectSubagentMarkerFromFirstUser(anthropicPayload);
@@ -8292,6 +8339,82 @@ providerMessageRoutes.post("/count_tokens", async (c) => {
 	}
 });
 //#endregion
+//#region src/services/codex/get-models.ts
+const CODEX_MODELS = [
+	{
+		contextWindow: 1e5,
+		id: "gpt-5.3-codex-spark",
+		input: ["text"],
+		maxTokens: 32e3,
+		name: "GPT-5.3 Codex Spark"
+	},
+	{
+		contextWindow: 4e5,
+		id: "gpt-5.4",
+		input: ["text", "image"],
+		maxTokens: 128e3,
+		name: "GPT-5.4"
+	},
+	{
+		contextWindow: 4e5,
+		id: "gpt-5.4-mini",
+		input: ["text", "image"],
+		maxTokens: 128e3,
+		name: "GPT-5.4 mini"
+	},
+	{
+		contextWindow: 272e3,
+		id: "gpt-5.5",
+		input: ["text", "image"],
+		maxTokens: 128e3,
+		name: "GPT-5.5"
+	}
+];
+function normalizeCodexModel(model) {
+	const supportsVision = model.input.includes("image");
+	return {
+		capabilities: {
+			family: "gpt",
+			limits: {
+				max_context_window_tokens: model.contextWindow,
+				max_output_tokens: model.maxTokens,
+				max_prompt_tokens: model.contextWindow
+			},
+			object: "model_capabilities",
+			supports: {
+				adaptive_thinking: true,
+				parallel_tool_calls: true,
+				reasoning_effort: [
+					"minimal",
+					"low",
+					"medium",
+					"high",
+					"xhigh"
+				],
+				streaming: true,
+				tool_calls: true,
+				vision: supportsVision
+			},
+			tokenizer: "o200k_base",
+			type: "chat"
+		},
+		id: model.id,
+		model_picker_enabled: true,
+		name: model.name,
+		object: "model",
+		preview: false,
+		supported_endpoints: ["/v1/messages", "/v1/responses"],
+		vendor: "openai",
+		version: "chatgpt-codex"
+	};
+}
+function getModels() {
+	return {
+		object: "list",
+		data: CODEX_MODELS.map((model) => normalizeCodexModel(model))
+	};
+}
+//#endregion
 //#region src/routes/provider/models/route.ts
 const logger$2 = createHandlerLogger("provider-models-handler");
 const getProviderFetch = (c) => c.get("providerFetch") ?? fetch;
@@ -8307,6 +8430,14 @@ providerModelRoutes.get("/", async (c) => {
 			message: `Provider '${provider}' not found or disabled`,
 			type: "invalid_request_error"
 		} }, 404);
+		if (providerConfig.name === "codex") {
+			const models = getModels();
+			return c.json({
+				object: "list",
+				data: models.data,
+				has_more: false
+			});
+		}
 		const upstreamResponse = await forwardProviderModels(providerConfig, c.req.raw.headers, getProviderFetch(c));
 		logger$2.debug("provider.models.response", {
 			provider,
@@ -8437,6 +8568,7 @@ const handleResponses = async (c) => {
 	const upstreamSessionId = getUUID(normalizedPromptCacheKey ?? headerSessionId ?? upstreamRequestId);
 	request.upstreamRequestId = upstreamRequestId;
 	request.upstreamSessionId = upstreamSessionId;
+	const bridgeId = c.req.header("x-responses-bridge-id") ?? void 0;
 	if (streamRequested) return handleStreamingResponses({
 		c,
 		store,
@@ -8449,7 +8581,8 @@ const handleResponses = async (c) => {
 		initiator,
 		premiumRemainingBefore,
 		premiumUnlimitedBefore,
-		transport
+		transport,
+		bridgeId
 	});
 	return handleNonStreamingResponses({
 		c,
@@ -8463,7 +8596,8 @@ const handleResponses = async (c) => {
 		initiator,
 		premiumRemainingBefore,
 		premiumUnlimitedBefore,
-		transport
+		transport,
+		bridgeId
 	});
 };
 async function observeRequestError(accountId, error, affinity) {
@@ -8571,7 +8705,7 @@ function extractUsageFromChunkData(data) {
 	}
 }
 async function handleStreamingResponses(params) {
-	const { c, store, request, payload, selection, clientModel, accountCtx, vision, initiator, premiumRemainingBefore, premiumUnlimitedBefore, transport } = params;
+	const { c, store, request, payload, selection, clientModel, accountCtx, vision, initiator, premiumRemainingBefore, premiumUnlimitedBefore, transport, bridgeId } = params;
 	let response;
 	try {
 		response = await createResponses(payload, {
@@ -8580,7 +8714,8 @@ async function handleStreamingResponses(params) {
 			upstreamRequestId: request.upstreamRequestId,
 			sessionId: request.upstreamSessionId,
 			requestId: request.requestId,
-			transport
+			transport,
+			bridgeId
 		}, accountCtx);
 		selection.confirmAffinity?.();
 	} catch (error) {
@@ -8768,7 +8903,7 @@ async function streamResponsesAndLog(params) {
 	}
 }
 async function handleNonStreamingResponses(params) {
-	const { c, store, request, payload, selection, clientModel, accountCtx, vision, initiator, premiumRemainingBefore, premiumUnlimitedBefore, transport } = params;
+	const { c, store, request, payload, selection, clientModel, accountCtx, vision, initiator, premiumRemainingBefore, premiumUnlimitedBefore, transport, bridgeId } = params;
 	const { account, reservation, selectedModel, endpoint, costUnits } = selection;
 	let usage = {};
 	let errorState = { httpStatus: 200 };
@@ -8780,7 +8915,8 @@ async function handleNonStreamingResponses(params) {
 			upstreamRequestId: request.upstreamRequestId,
 			sessionId: request.upstreamSessionId,
 			requestId: request.requestId,
-			transport
+			transport,
+			bridgeId
 		}, accountCtx);
 		if (isAsyncIterable$1(response)) throw new Error("Upstream returned a stream unexpectedly");
 		selection.confirmAffinity?.();
@@ -8904,31 +9040,43 @@ usageRoute.get("/:accountIndex", async (c) => {
 });
 //#endregion
 //#region src/server.ts
-const server = new Hono();
-server.use(traceIdMiddleware);
-server.use(logger());
-server.use(cors());
-server.use("*", createAuthMiddleware({
-	allowUnauthenticatedPaths: ["/"],
-	allowUnauthenticatedPathPrefixes: ["/admin", "/api/admin"]
-}));
-server.get("/", (c) => c.text("Server running"));
-server.route("/chat/completions", completionRoutes);
-server.route("/models", modelRoutes);
-server.route("/embeddings", embeddingRoutes);
-server.route("/usage", usageRoute);
-server.route("/token", tokenRoute);
-server.route("/responses", responsesRoutes);
-server.route("/admin", adminRoutes);
-server.route("/api/admin", adminApiRoutes);
-server.route("/v1/chat/completions", completionRoutes);
-server.route("/v1/models", modelRoutes);
-server.route("/v1/embeddings", embeddingRoutes);
-server.route("/v1/responses", responsesRoutes);
-server.route("/v1/messages", messageRoutes);
-server.route("/:provider/v1/messages", providerMessageRoutes);
-server.route("/:provider/v1/models", providerModelRoutes);
+function createServer(options = {}) {
+	const app = new Hono();
+	const enableMcpHttp = options.enableMcpHttp ?? isMcpHttpEnabledFromEnv();
+	app.use(traceIdMiddleware);
+	app.use(logger());
+	if (enableMcpHttp) {
+		app.use(DEFAULT_MCP_HTTP_PATH, cors(mcpHttpCorsOptions));
+		app.all(DEFAULT_MCP_HTTP_PATH, (c) => handleStreamableHttpMcpRequest(c.req.raw));
+	} else app.all(DEFAULT_MCP_HTTP_PATH, (c) => c.json({ error: {
+		type: "mcp_http_disabled",
+		message: "MCP Streamable HTTP is disabled. Start with --enable-mcp-http to expose /mcp."
+	} }, 404));
+	app.use(cors());
+	app.use("*", createAuthMiddleware({
+		allowUnauthenticatedPaths: ["/", DEFAULT_MCP_HTTP_PATH],
+		allowUnauthenticatedPathPrefixes: ["/admin", "/api/admin"]
+	}));
+	app.get("/", (c) => c.text("Server running"));
+	app.route("/chat/completions", completionRoutes);
+	app.route("/models", modelRoutes);
+	app.route("/embeddings", embeddingRoutes);
+	app.route("/usage", usageRoute);
+	app.route("/token", tokenRoute);
+	app.route("/responses", responsesRoutes);
+	app.route("/admin", adminRoutes);
+	app.route("/api/admin", adminApiRoutes);
+	app.route("/v1/chat/completions", completionRoutes);
+	app.route("/v1/models", modelRoutes);
+	app.route("/v1/embeddings", embeddingRoutes);
+	app.route("/v1/responses", responsesRoutes);
+	app.route("/v1/messages", messageRoutes);
+	app.route("/:provider/v1/messages", providerMessageRoutes);
+	app.route("/:provider/v1/models", providerModelRoutes);
+	return app;
+}
+createServer();
 //#endregion
-export { server };
+export { createServer };
 
-//# sourceMappingURL=server-GxNB5Syq.js.map
+//# sourceMappingURL=server-DJ3_UGc4.js.map