@nick3/copilot-api 1.5.2 → 1.5.5

package/dist/{server-D9M_wFyO.js → server-CuXJhEMC.js}

@@ -1,13 +1,13 @@
-import { t as PATHS } from "./paths-Cvzy-eLX.js";
-import { i as listAccountsFromRegistry } from "./accounts-registry-CQYvRe65.js";
-import { C as prepareInteractionHeaders, D as state, E as accountFromState, S as prepareForCompact, T as resolveTraceId, _ as copilotHeaders, a as generateRequestIdFromPayload, c as isNullish, g as copilotBaseUrl, h as forwardError, l as parseUserIdMetadata, m as HTTPError, n as cacheModels, o as getRootSessionId, p as getCopilotUsage, s as getUUID, u as sleep, w as requestContext } from "./utils-53JWve7i.js";
-import "./get-copilot-token-DN1P6qll.js";
-import { _ as isMessagesApiEnabled, a as getClaudeTokenMultiplier, b as mergeConfigWithDefaults, c as getModelAliases, d as getProviderConfig, f as getReasoningEffortForModel, g as isMessageStartInputTokensFallbackEnabled, h as isForceAgentEnabled, i as getAnthropicApiKey, l as getModelAliasesInfo, m as isAccountAffinityEnabled, n as PROVIDER_TYPE_ANTHROPIC, o as getConfig, p as getSmallModel, r as getAliasTargetSet, s as getExtraPromptForModel, t as accountsManager, u as getModelRefreshIntervalMs, v as isResponsesApiContextManagementModel, x as shouldCompactUseSmallModel, y as isResponsesApiWebSearchEnabled } from "./accounts-manager-DhwGrhHF.js";
+import { A as resolveTraceId, C as normalizeDomain, D as accountFromState, E as prepareMessageProxyHeaders, O as state, T as prepareInteractionHeaders, _ as HTTPError, b as copilotHeaders, c as getRootSessionId, d as parseUserIdMetadata, f as sleep, g as getCopilotUsage, h as getDeviceCode, k as requestContext, l as getUUID, m as getGitHubUser, r as cacheModels, s as generateRequestIdFromPayload, t as pollAccessToken, u as isNullish, v as forwardError, w as prepareForCompact, y as copilotBaseUrl } from "./poll-access-token-DFooFWhY.js";
+import { a as getAccountClientIdentityByLoginAndApp, c as listAccountsFromRegistry, f as removeAccountFromRegistry, g as DEFAULT_IDENTITY_ENTERPRISE_DOMAIN, h as saveRegistry, m as saveAccountToken, p as removeAccountToken, r as addAccountToRegistry, t as isAccountType, u as loadRegistry, y as getCurrentIdentityEnvironment } from "./account-AacnHem5.js";
+import { r as ensurePaths, t as PATHS } from "./paths-DGlr310R.js";
+import "./get-copilot-token-cha9rQwA.js";
+import { _ as isMessagesApiEnabled, a as getClaudeTokenMultiplier, b as mergeConfigWithDefaults, c as getModelAliases, d as getProviderConfig, f as getReasoningEffortForModel, g as isMessageStartInputTokensFallbackEnabled, h as isForceAgentEnabled, i as getAnthropicApiKey, l as getModelAliasesInfo, m as isAccountAffinityEnabled, n as PROVIDER_TYPE_ANTHROPIC, o as getConfig, p as getSmallModel, r as getAliasTargetSet, s as getExtraPromptForModel, t as accountsManager, u as getModelRefreshIntervalMs, v as isResponsesApiContextManagementModel, x as shouldCompactUseSmallModel, y as isResponsesApiWebSearchEnabled } from "./accounts-manager-BevCBoaF.js";
 import consola from "consola";
 import fs, { readFile } from "node:fs/promises";
+import { randomUUID, timingSafeEqual } from "node:crypto";
 import * as path$1 from "node:path";
 import path from "node:path";
-import { randomUUID, timingSafeEqual } from "node:crypto";
 import { Hono } from "hono";
 import { cors } from "hono/cors";
 import { logger } from "hono/logger";
@@ -112,7 +112,9 @@ const traceIdMiddleware = async (c, next) => {
 	const context = {
 		traceId,
 		startTime: Date.now(),
-		userAgent: c.req.header("user-agent") || ""
+		userAgent: c.req.header("user-agent") || "",
+		sessionAffinity: c.req.header("x-session-affinity"),
+		parentSessionId: c.req.header("x-parent-session-id")
 	};
 	await requestContext.run(context, async () => {
 		await next();
@@ -690,6 +692,162 @@ function extractResponsesUsageFromResult(result) {
 	return normalizeResponsesUsage(result.usage);
 }
 
+//#endregion
+//#region src/routes/admin-api/auth-sessions.ts
+function buildOauthUrls(enterpriseDomain) {
+	if (!enterpriseDomain) return void 0;
+	const domain = normalizeDomain(enterpriseDomain);
+	if (!domain) return void 0;
+	return {
+		deviceCodeUrl: `https://${domain}/login/device/code`,
+		accessTokenUrl: `https://${domain}/login/oauth/access_token`
+	};
+}
+const CLEANUP_INTERVAL_MS$1 = 6e4;
+var AuthSessionManager = class {
+	sessions = /* @__PURE__ */ new Map();
+	cleanupTimer = null;
+	start() {
+		if (this.cleanupTimer) return;
+		this.cleanupTimer = setInterval(() => this.cleanupExpired(), CLEANUP_INTERVAL_MS$1);
+	}
+	stop() {
+		if (this.cleanupTimer) {
+			clearInterval(this.cleanupTimer);
+			this.cleanupTimer = null;
+		}
+		for (const session of this.sessions.values()) session.abortController.abort();
+		this.sessions.clear();
+	}
+	async startAuth(params) {
+		const enterpriseDomain = params.enterpriseDomain ? normalizeDomain(params.enterpriseDomain) : null;
+		const overrideUrls = buildOauthUrls(enterpriseDomain);
+		await ensurePaths();
+		const deviceResponse = await getDeviceCode({ overrideUrls });
+		const sessionId = randomUUID();
+		const abortController = new AbortController();
+		const expiresAt = Date.now() + deviceResponse.expires_in * 1e3;
+		const session = {
+			sessionId,
+			accountType: params.accountType,
+			enterpriseDomain,
+			status: "pending",
+			userCode: deviceResponse.user_code,
+			verificationUri: deviceResponse.verification_uri,
+			expiresAt,
+			interval: deviceResponse.interval,
+			abortController,
+			reauthAccountId: params.reauthAccountId ?? null
+		};
+		this.sessions.set(sessionId, session);
+		this.runAuthFlow(session, deviceResponse, overrideUrls);
+		return {
+			sessionId,
+			userCode: deviceResponse.user_code,
+			verificationUri: deviceResponse.verification_uri,
+			expiresIn: deviceResponse.expires_in,
+			interval: deviceResponse.interval
+		};
+	}
+	getStatus(sessionId) {
+		const session = this.sessions.get(sessionId);
+		if (!session) return null;
+		if (session.status === "pending" && Date.now() >= session.expiresAt) {
+			session.status = "expired";
+			session.abortController.abort();
+		}
+		return {
+			status: session.status,
+			accountId: session.accountId,
+			error: session.error
+		};
+	}
+	cancel(sessionId) {
+		const session = this.sessions.get(sessionId);
+		if (!session) return false;
+		session.abortController.abort();
+		this.sessions.delete(sessionId);
+		return true;
+	}
+	getLiveSession(sessionId) {
+		const session = this.sessions.get(sessionId);
+		if (!session || session.abortController.signal.aborted) return null;
+		return session;
+	}
+	async runAuthFlow(session, deviceResponse, overrideUrls) {
+		try {
+			const sessionId = session.sessionId;
+			const signal = session.abortController.signal;
+			const token = await pollAccessToken(deviceResponse, {
+				overrideUrls,
+				signal
+			});
+			if (!this.getLiveSession(sessionId)) return;
+			const user = await getGitHubUser({
+				githubToken: token,
+				accountType: session.accountType
+			});
+			if (!this.getLiveSession(sessionId)) return;
+			const accountId = user.login;
+			if (session.reauthAccountId && session.reauthAccountId !== accountId) {
+				this.failSession(sessionId, `Authenticated as "${accountId}" but expected "${session.reauthAccountId}". Use "Add Account" to add a different account.`);
+				return;
+			}
+			if (!this.getLiveSession(sessionId)) return;
+			await saveAccountToken(accountId, token);
+			if (!this.getLiveSession(sessionId)) return;
+			if (!this.getLiveSession(sessionId)) return;
+			const existingAccounts = await listAccountsFromRegistry();
+			if (!this.getLiveSession(sessionId)) return;
+			if (existingAccounts.some((acc) => acc.id === accountId)) {
+				const registry = await loadRegistry();
+				if (!this.getLiveSession(sessionId)) return;
+				await saveRegistry(registry);
+			} else {
+				if (!this.getLiveSession(sessionId)) return;
+				await addAccountToRegistry({
+					id: accountId,
+					accountType: session.accountType,
+					addedAt: Date.now()
+				});
+			}
+			if (!this.getLiveSession(sessionId)) return;
+			this.completeSession(sessionId, accountId);
+		} catch (error) {
+			if (session.abortController.signal.aborted) return;
+			this.failSession(session.sessionId, error instanceof Error ? error.message : String(error));
+			consola.error(`Auth session ${session.sessionId} failed:`, error);
+		}
+	}
+	completeSession(sessionId, accountId) {
+		const session = this.sessions.get(sessionId);
+		if (!session || session.abortController.signal.aborted) return;
+		session.status = "completed";
+		session.accountId = accountId;
+	}
+	failSession(sessionId, error) {
+		const session = this.sessions.get(sessionId);
+		if (!session || session.abortController.signal.aborted) return;
+		session.status = "failed";
+		session.error = error;
+	}
+	cleanupExpired() {
+		const now = Date.now();
+		const cleanupThreshold = 5 * 6e4;
+		for (const [id, session] of this.sessions) {
+			if (session.status !== "pending" && now - session.expiresAt > cleanupThreshold) {
+				session.abortController.abort();
+				this.sessions.delete(id);
+			}
+			if (session.status === "pending" && now >= session.expiresAt) {
+				session.status = "expired";
+				session.abortController.abort();
+			}
+		}
+	}
+};
+const authSessionManager = new AuthSessionManager();
+
 //#endregion
 //#region src/routes/admin-api/route.ts
 const ADMIN_TOKEN = process.env.ADMIN_TOKEN?.trim() || void 0;
@@ -1166,6 +1324,7 @@ adminApiRoutes.use("*", async (c, next) => {
 	} }, decision.status);
 	await next();
 });
+authSessionManager.start();
 adminApiRoutes.get("/meta", (c) => {
 	const store = getRequestHistoryStore();
 	return c.json(store.meta());
@@ -1395,6 +1554,115 @@ adminApiRoutes.get("/requests/:requestId", (c) => {
 	const item = getRequestHistoryStore().getByRequestId(requestId);
 	return c.json({ item });
 });
+adminApiRoutes.post("/accounts/auth/start", async (c) => {
+	let payload;
+	try {
+		payload = await c.req.json();
+	} catch {
+		return jsonError(c, 400, {
+			message: "Request body must be valid JSON.",
+			type: "bad_request"
+		});
+	}
+	if (!isPlainObject(payload)) return jsonError(c, 400, {
+		message: "Request body must be an object.",
+		type: "bad_request"
+	});
+	const accountType = payload.accountType;
+	if (!isAccountType(accountType)) return jsonError(c, 400, {
+		message: "accountType must be one of: individual, business, enterprise",
+		type: "bad_request"
+	});
+	const enterpriseDomainRaw = payload.enterpriseDomain;
+	let enterpriseDomain;
+	if (accountType === "enterprise" && typeof enterpriseDomainRaw === "string") enterpriseDomain = enterpriseDomainRaw.trim();
+	if (accountType === "enterprise" && !enterpriseDomain) return jsonError(c, 400, {
+		message: "enterpriseDomain is required for enterprise accounts.",
+		type: "bad_request"
+	});
+	try {
+		const result = await authSessionManager.startAuth({
+			accountType,
+			enterpriseDomain
+		});
+		return c.json(result);
+	} catch (error) {
+		return jsonError(c, 500, {
+			message: `Failed to start auth: ${error instanceof Error ? error.message : String(error)}`,
+			type: "internal_error"
+		});
+	}
+});
+adminApiRoutes.get("/accounts/auth/status/:sessionId", (c) => {
+	const sessionId = c.req.param("sessionId");
+	const status = authSessionManager.getStatus(sessionId);
+	if (!status) return jsonError(c, 404, {
+		message: "Session not found.",
+		type: "not_found"
+	});
+	return c.json(status);
+});
+adminApiRoutes.post("/accounts/auth/cancel/:sessionId", (c) => {
+	const sessionId = c.req.param("sessionId");
+	if (!authSessionManager.cancel(sessionId)) return jsonError(c, 404, {
+		message: "Session not found.",
+		type: "not_found"
+	});
+	return c.json({ cancelled: true });
+});
+adminApiRoutes.delete("/accounts/:id", async (c) => {
+	const accountId = c.req.param("id");
+	try {
+		if (!(await listAccountsFromRegistry()).some((a) => a.id === accountId)) return jsonError(c, 404, {
+			message: "Account not found.",
+			type: "not_found"
+		});
+		await removeAccountFromRegistry(accountId);
+		try {
+			await removeAccountToken(accountId);
+		} catch (error) {
+			console.error(`Account ${accountId} deleted but token cleanup failed.`, error);
+		}
+		return c.json({
+			deleted: true,
+			accountId
+		});
+	} catch (error) {
+		return jsonError(c, 500, {
+			message: `Failed to delete account: ${error instanceof Error ? error.message : String(error)}`,
+			type: "internal_error"
+		});
+	}
+});
+adminApiRoutes.post("/accounts/:id/reauth", async (c) => {
+	const accountId = c.req.param("id");
+	try {
+		const account = (await listAccountsFromRegistry()).find((a) => a.id === accountId);
+		if (!account) return jsonError(c, 404, {
+			message: "Account not found.",
+			type: "not_found"
+		});
+		const { oauthApp } = getCurrentIdentityEnvironment();
+		const resolvedEnterpriseDomain = (await getAccountClientIdentityByLoginAndApp(accountId, oauthApp))?.enterpriseDomain;
+		let enterpriseDomain;
+		if (resolvedEnterpriseDomain && resolvedEnterpriseDomain !== DEFAULT_IDENTITY_ENTERPRISE_DOMAIN) enterpriseDomain = resolvedEnterpriseDomain;
+		if (account.accountType === "enterprise" && !enterpriseDomain) return jsonError(c, 400, {
+			message: "Cannot re-authenticate enterprise account: enterprise domain could not be resolved from stored identity.",
+			type: "bad_request"
+		});
+		const result = await authSessionManager.startAuth({
+			accountType: account.accountType,
+			enterpriseDomain,
+			reauthAccountId: accountId
+		});
+		return c.json(result);
+	} catch (error) {
+		return jsonError(c, 500, {
+			message: `Failed to start reauth: ${error instanceof Error ? error.message : String(error)}`,
+			type: "internal_error"
+		});
+	}
+});
 
 //#endregion
 //#region src/routes/admin/route.ts
@@ -2053,11 +2321,15 @@ function computeDiff(before, after) {
 }
 function toAccountContext(account) {
 	return {
+		accountLogin: account.accountLogin,
 		githubToken: account.githubToken,
 		copilotToken: account.copilotToken,
 		...account.copilotApiUrl !== void 0 ? { copilotApiUrl: account.copilotApiUrl } : {},
 		accountType: account.accountType,
-		vsCodeVersion: account.vsCodeVersion
+		vsCodeVersion: account.vsCodeVersion,
+		clientDeviceId: account.clientDeviceId,
+		clientMachineId: account.clientMachineId,
+		clientSessionId: account.clientSessionId
 	};
 }
 function extractErrorDetails(error) {
@@ -2082,6 +2354,9 @@ const FLUSH_INTERVAL_MS = 1e3;
 const MAX_BUFFER_SIZE = 100;
 const logStreams = /* @__PURE__ */ new Map();
 const logBuffers = /* @__PURE__ */ new Map();
+let runtimeInitialized = false;
+let flushInterval;
+let cleanupInterval;
 const ensureLogDirectory = () => {
 	if (!fs$1.existsSync(LOG_DIR)) fs$1.mkdirSync(LOG_DIR, { recursive: true });
 };
@@ -2112,17 +2387,8 @@ const sanitizeName = (name) => {
 	const normalized = name.toLowerCase().replaceAll(/[^a-z0-9]+/g, "-").replaceAll(/^-+|-+$/g, "");
 	return normalized === "" ? "handler" : normalized;
 };
-const getLogStream = (filePath) => {
-	let stream = logStreams.get(filePath);
-	if (!stream || stream.destroyed) {
-		stream = fs$1.createWriteStream(filePath, { flags: "a" });
-		logStreams.set(filePath, stream);
-		stream.on("error", (error) => {
-			console.warn("Log stream error", error);
-			logStreams.delete(filePath);
-		});
-	}
-	return stream;
+const maybeUnref = (timer) => {
+	timer.unref();
 };
 const flushBuffer = (filePath) => {
 	const buffer = logBuffers.get(filePath);
@@ -2137,6 +2403,52 @@ const flushBuffer = (filePath) => {
 const flushAllBuffers = () => {
 	for (const filePath of logBuffers.keys()) flushBuffer(filePath);
 };
+const cleanup = () => {
+	if (flushInterval) {
+		clearInterval(flushInterval);
+		flushInterval = void 0;
+	}
+	if (cleanupInterval) {
+		clearInterval(cleanupInterval);
+		cleanupInterval = void 0;
+	}
+	flushAllBuffers();
+	for (const stream of logStreams.values()) stream.end();
+	logStreams.clear();
+	logBuffers.clear();
+};
+const initializeLoggerRuntime = () => {
+	if (runtimeInitialized) return;
+	runtimeInitialized = true;
+	ensureLogDirectory();
+	cleanupOldLogs();
+	flushInterval = setInterval(flushAllBuffers, FLUSH_INTERVAL_MS);
+	maybeUnref(flushInterval);
+	cleanupInterval = setInterval(cleanupOldLogs, CLEANUP_INTERVAL_MS);
+	maybeUnref(cleanupInterval);
+	process.once("exit", cleanup);
+	process.once("SIGINT", () => {
+		cleanup();
+		process.exit(0);
+	});
+	process.once("SIGTERM", () => {
+		cleanup();
+		process.exit(0);
+	});
+};
+const getLogStream = (filePath) => {
+	initializeLoggerRuntime();
+	let stream = logStreams.get(filePath);
+	if (!stream || stream.destroyed) {
+		stream = fs$1.createWriteStream(filePath, { flags: "a" });
+		logStreams.set(filePath, stream);
+		stream.on("error", (error) => {
+			console.warn("Log stream error", error);
+			logStreams.delete(filePath);
+		});
+	}
+	return stream;
+};
 const appendLine = (filePath, line) => {
 	let buffer = logBuffers.get(filePath);
 	if (!buffer) {
@@ -2146,35 +2458,23 @@ const appendLine = (filePath, line) => {
 	buffer.push(line);
 	if (buffer.length >= MAX_BUFFER_SIZE) flushBuffer(filePath);
 };
-setInterval(flushAllBuffers, FLUSH_INTERVAL_MS);
-const cleanup = () => {
-	flushAllBuffers();
-	for (const stream of logStreams.values()) stream.end();
-	logStreams.clear();
-	logBuffers.clear();
+const debugLazy = (logger$7, factory) => {
+	if (!state.verbose) return;
+	logger$7.debug(...factory());
+};
+const debugJson = (logger$7, label, value) => {
+	debugLazy(logger$7, () => [label, JSON.stringify(value)]);
+};
+const debugJsonTail = (logger$7, label, { value, tailLength = 400 }) => {
+	debugLazy(logger$7, () => [label, JSON.stringify(value).slice(-tailLength)]);
 };
-process.on("exit", cleanup);
-process.on("SIGINT", () => {
-	cleanup();
-	process.exit(0);
-});
-process.on("SIGTERM", () => {
-	cleanup();
-	process.exit(0);
-});
-let lastCleanup = 0;
 const createHandlerLogger = (name) => {
-	ensureLogDirectory();
 	const sanitizedName = sanitizeName(name);
 	const instance = consola.withTag(name);
 	if (state.verbose) instance.level = 5;
 	instance.setReporters([]);
 	instance.addReporter({ log(logObj) {
-		ensureLogDirectory();
-		if (Date.now() - lastCleanup > CLEANUP_INTERVAL_MS) {
-			cleanupOldLogs();
-			lastCleanup = Date.now();
-		}
+		initializeLoggerRuntime();
 		const traceId = requestContext.getStore()?.traceId;
 		const date = logObj.date;
 		const dateKey = date.toLocaleDateString("sv-SE");
@@ -2504,7 +2804,10 @@ async function handleCompletion$1(c) {
 			reason: "MODEL_NOT_SUPPORTED"
 		});
 	}
-	logger$6.debug("Request payload:", JSON.stringify(payload).slice(-400));
+	debugJsonTail(logger$6, "Request payload:", {
+		value: payload,
+		tailLength: 400
+	});
 	const upstreamRequestId = generateRequestIdFromPayload(payload, normalizedPromptCacheKey);
 	const selection = await accountsManager.selectAccountForRequest([{
 		modelId: clientModel,
@@ -2637,7 +2940,7 @@ function applyDefaultMaxTokens(payload, selectedModel) {
 		...payload,
 		max_tokens: selectedModel.capabilities.limits.max_output_tokens
 	};
-	logger$6.debug("Set max_tokens to:", JSON.stringify(updated.max_tokens));
+	debugJson(logger$6, "Set max_tokens to:", updated.max_tokens);
 	return updated;
 }
 async function handleStreamingRequest(params) {
@@ -2723,7 +3026,7 @@ async function handleNonStreamingUpstreamResponse(params) {
 	let errorMessage;
 	const finishedAtMs = Date.now();
 	try {
-		logger$6.debug("Non-streaming response:", JSON.stringify(response));
+		debugJson(logger$6, "Non-streaming response:", response);
 		return c.json(response);
 	} catch (error) {
 		const details = extractErrorDetails(error);
@@ -2773,7 +3076,7 @@ async function streamChatCompletionsAndLog$1(params) {
 			if (ttfbMs === void 0) ttfbMs = Date.now() - request.startedAtMs;
 			const usage = await extractUsageFromChunk(chunk);
 			if (usage) lastUsage = usage;
-			logger$6.debug("Streaming chunk:", JSON.stringify(chunk));
+			debugJson(logger$6, "Streaming chunk:", chunk);
 			await stream.writeSSE(chunk);
 		}
 	} catch (error) {
@@ -2845,7 +3148,7 @@ async function handleNonStreamingRequest(params) {
 			});
 		}
 		usage = normalizeChatCompletionsUsage(response.usage);
-		logger$6.debug("Non-streaming response:", JSON.stringify(response));
+		debugJson(logger$6, "Non-streaming response:", response);
 		return c.json(response);
 	} catch (error) {
 		finishedAtMs = Date.now();
@@ -3111,43 +3414,72 @@ const _normalizeSdkModelId = (sdkModelId) => {
 };
 
 //#endregion
-//#region src/routes/messages/utils.ts
-function mapOpenAIStopReasonToAnthropic(finishReason) {
-	if (finishReason === null) return null;
-	return {
-		stop: "end_turn",
-		length: "max_tokens",
-		tool_calls: "tool_use",
-		content_filter: "end_turn"
-	}[finishReason];
-}
-const mergeContentWithText = (toolResult, textBlock) => {
-	if (typeof toolResult.content === "string") return {
-		...toolResult,
-		content: `${toolResult.content}\n\n${textBlock.text}`
+//#region src/routes/messages/preprocess.ts
+const compactSystemPromptStart = "You are a helpful AI assistant tasked with summarizing conversations";
+const compactTextOnlyGuard = "CRITICAL: Respond with TEXT ONLY. Do NOT call any tools.";
+const compactSummaryPromptStart = "Your task is to create a detailed summary of the conversation so far";
+const compactMessageSections = ["Pending Tasks:", "Current Work:"];
+const TOOL_REFERENCE_TURN_BOUNDARY = "Tool loaded.";
+const getAnthropicEffortForModel = (model) => {
+	const reasoningEffort = getReasoningEffortForModel(model);
+	if (reasoningEffort === "xhigh") return "max";
+	if (reasoningEffort === "none" || reasoningEffort === "minimal") return "low";
+	return reasoningEffort;
+};
+const getCompactCandidateText = (message) => {
+	if (message.role !== "user") return "";
+	if (typeof message.content === "string") return message.content;
+	return message.content.filter((block) => block.type === "text").map((block) => block.text.startsWith("<system-reminder>") ? "" : block.text).filter((text) => text.length > 0).join("\n\n");
+};
+const isCompactMessage = (lastMessage) => {
+	const text = getCompactCandidateText(lastMessage);
+	if (!text) return false;
+	return text.includes(compactTextOnlyGuard) && text.includes(compactSummaryPromptStart) && compactMessageSections.some((section) => text.includes(section));
+};
+const isCompactRequest = (anthropicPayload) => {
+	const lastMessage = anthropicPayload.messages.at(-1);
+	if (lastMessage && isCompactMessage(lastMessage)) return true;
+	const system = anthropicPayload.system;
+	if (typeof system === "string") return system.startsWith(compactSystemPromptStart);
+	if (!Array.isArray(system)) return false;
+	return system.some((msg) => typeof msg.text === "string" && msg.text.startsWith(compactSystemPromptStart));
+};
+const mergeContentWithText = (tr, textBlock) => {
+	if (typeof tr.content === "string") return {
+		...tr,
+		content: `${tr.content}\n\n${textBlock.text}`
 	};
+	if (hasToolRef(tr)) return tr;
 	return {
-		...toolResult,
-		content: [...toolResult.content, textBlock]
+		...tr,
+		content: [...tr.content, textBlock]
 	};
 };
-const mergeContentWithTexts = (toolResult, textBlocks) => {
-	if (typeof toolResult.content === "string") {
+const mergeContentWithTexts = (tr, textBlocks) => {
+	if (typeof tr.content === "string") {
 		const appendedTexts = textBlocks.map((tb) => tb.text).join("\n\n");
 		return {
-			...toolResult,
-			content: `${toolResult.content}\n\n${appendedTexts}`
+			...tr,
+			content: `${tr.content}\n\n${appendedTexts}`
 		};
 	}
+	if (hasToolRef(tr)) return tr;
 	return {
-		...toolResult,
-		content: [...toolResult.content, ...textBlocks]
+		...tr,
+		content: [...tr.content, ...textBlocks]
 	};
 };
 const mergeToolResult = (toolResults, textBlocks) => {
-	if (toolResults.length === textBlocks.length) return toolResults.map((toolResult, index) => mergeContentWithText(toolResult, textBlocks[index]));
+	if (toolResults.length === textBlocks.length) return toolResults.map((tr, i) => mergeContentWithText(tr, textBlocks[i]));
 	const lastIndex = toolResults.length - 1;
-	return toolResults.map((toolResult, index) => index === lastIndex ? mergeContentWithTexts(toolResult, textBlocks) : toolResult);
+	return toolResults.map((tr, i) => i === lastIndex ? mergeContentWithTexts(tr, textBlocks) : tr);
+};
+const stripToolReferenceTurnBoundary = (anthropicPayload) => {
+	for (const msg of anthropicPayload.messages) {
+		if (msg.role !== "user" || !Array.isArray(msg.content)) continue;
+		if (!msg.content.some((block) => block.type === "tool_result" && hasToolRef(block))) continue;
+		msg.content = msg.content.filter((block) => block.type !== "text" || block.text.trim() !== TOOL_REFERENCE_TURN_BOUNDARY);
+	}
 };
 const mergeToolResultForClaude = (anthropicPayload) => {
 	for (const msg of anthropicPayload.messages) {
@@ -3165,6 +3497,9 @@ const mergeToolResultForClaude = (anthropicPayload) => {
 		msg.content = mergeToolResult(toolResults, textBlocks);
 	}
 };
+const hasToolRef = (block) => {
+	return Array.isArray(block.content) && block.content.some((c) => c.type === "tool_reference");
+};
 const stripUnsupportedCacheControl = (block) => {
 	const cacheControl = block.cache_control;
 	if (!cacheControl || typeof cacheControl !== "object" || Array.isArray(cacheControl)) return;
@@ -3181,9 +3516,9 @@ const stripTextBlockCacheControl = (block) => {
 	if (record.type !== "text") return;
 	stripUnsupportedCacheControl(record);
 };
-const stripCacheControl = (anthropicPayload) => {
-	if (Array.isArray(anthropicPayload.system)) for (const block of anthropicPayload.system) stripTextBlockCacheControl(block);
-	for (const msg of anthropicPayload.messages) {
+const stripCacheControl = (payload) => {
+	if (Array.isArray(payload.system)) for (const block of payload.system) stripTextBlockCacheControl(block);
+	for (const msg of payload.messages) {
 		if (!Array.isArray(msg.content)) continue;
 		for (const block of msg.content) {
 			stripTextBlockCacheControl(block);
@@ -3191,6 +3526,34 @@ const stripCacheControl = (anthropicPayload) => {
 		}
 	}
 };
+const filterAssistantThinkingBlocks = (payload) => {
+	for (const msg of payload.messages) if (msg.role === "assistant" && Array.isArray(msg.content)) msg.content = msg.content.filter((block) => {
+		if (block.type !== "thinking") return true;
+		return block.thinking && block.thinking !== "Thinking..." && block.signature && !block.signature.includes("@");
+	});
+};
+const prepareMessagesApiPayload = (payload, selectedModel) => {
+	stripCacheControl(payload);
+	filterAssistantThinkingBlocks(payload);
+	const toolChoice = payload.tool_choice;
+	const disableThink = toolChoice?.type === "any" || toolChoice?.type === "tool";
+	if (selectedModel?.capabilities.supports.adaptive_thinking && !disableThink) {
+		payload.thinking = { type: "adaptive" };
+		payload.output_config = { effort: getAnthropicEffortForModel(payload.model) };
+	}
+};
+
+//#endregion
+//#region src/routes/messages/utils.ts
+function mapOpenAIStopReasonToAnthropic(finishReason) {
+	if (finishReason === null) return null;
+	return {
+		stop: "end_turn",
+		length: "max_tokens",
+		tool_calls: "tool_use",
+		content_filter: "end_turn"
+	}[finishReason];
+}
 const estimateInputTokens = async (payload, selectedModel, logger$7) => {
 	try {
 		return (await getTokenCount(payload, selectedModel)).input;
@@ -3255,28 +3618,6 @@ const maybeBlockOriginalModelName = (context) => {
 		}
 	});
 };
-const compactSystemPromptStart = "You are a helpful AI assistant tasked with summarizing conversations";
-const compactTextOnlyGuard = "CRITICAL: Respond with TEXT ONLY. Do NOT call any tools.";
-const compactSummaryPromptStart = "Your task is to create a detailed summary of the conversation so far";
-const compactMessageSections = ["Pending Tasks:", "Current Work:"];
-const getCompactCandidateText = (message) => {
-	if (message.role !== "user") return "";
-	if (typeof message.content === "string") return message.content;
-	return message.content.filter((block) => block.type === "text").map((block) => block.text.startsWith("<system-reminder>") ? "" : block.text).filter((text) => text.length > 0).join("\n\n");
-};
-const isCompactMessage = (lastMessage) => {
-	const text = getCompactCandidateText(lastMessage);
-	if (!text) return false;
-	return text.includes(compactTextOnlyGuard) && text.includes(compactSummaryPromptStart) && compactMessageSections.some((section) => text.includes(section));
-};
-const isCompactRequest = (anthropicPayload) => {
-	const lastMessage = anthropicPayload.messages.at(-1);
-	if (lastMessage && isCompactMessage(lastMessage)) return true;
-	const system = anthropicPayload.system;
-	if (typeof system === "string" && system.startsWith(compactSystemPromptStart)) return true;
-	if (Array.isArray(system) && system.some((msg) => typeof msg.text === "string" && msg.text.startsWith(compactSystemPromptStart))) return true;
-	return false;
-};
 
 //#endregion
 //#region src/routes/messages/non-stream-translation.ts
@@ -3382,7 +3723,6 @@ function handleAssistantMessage(message, modelId) {
 function mapContent(content) {
 	if (typeof content === "string") return content;
 	if (!Array.isArray(content)) return null;
-	if (!content.some((block) => block.type === "image")) return content.filter((block) => block.type === "text").map((block) => block.text).join("\n\n");
 	const contentParts = [];
 	for (const block of content) switch (block.type) {
 		case "text":
@@ -3397,6 +3737,12 @@ function mapContent(content) {
 				image_url: { url: `data:${block.source.media_type};base64,${block.source.data}` }
 			});
 			break;
+		case "tool_reference":
+			contentParts.push({
+				type: "text",
+				text: `Tool ${block.tool_name} loaded`
+			});
+			break;
 	}
 	return contentParts;
 }
@@ -4009,6 +4355,9 @@ const convertToolResultContent = (content) => {
 			case "image":
 				result.push(createImageContent(block));
 				break;
+			case "tool_reference":
+				result.push(createTextContent(`Tool ${block.tool_name} loaded`));
+				break;
 			default: break;
 		}
 		return result;
@@ -4450,7 +4799,7 @@ const extractFunctionCallDetails = (rawEvent) => {
 //#region src/routes/responses/utils.ts
 const getResponsesRequestOptions = (payload) => {
 	return {
-		vision: hasVisionInput(payload),
+		vision: hasVisionInput$1(payload),
 		initiator: hasAgentInitiator(payload) ? "agent" : "user"
 	};
 };
@@ -4465,7 +4814,7 @@ const isAgentRole = (item) => {
 	if (!("role" in item) || !item.role) return true;
 	return (typeof item.role === "string" ? item.role.toLowerCase() : "") === "assistant";
 };
-const hasVisionInput = (payload) => {
+const hasVisionInput$1 = (payload) => {
 	return getPayloadItems(payload).some((item) => containsVisionContent(item));
 };
 const resolveResponsesCompactThreshold = (maxPromptTokens) => {
@@ -4542,19 +4891,33 @@ const buildAnthropicBetaHeader = (anthropicBetaHeader, thinking) => {
 	}
 	if (thinking?.budget_tokens && !isAdaptiveThinking) return INTERLEAVED_THINKING_BETA;
 };
-const createMessages = async (payload, account, options) => {
-	const ctx = account ?? accountFromState();
-	if (!ctx.copilotToken) throw new Error("Copilot token not found");
-	const enableVision = payload.messages.some((message) => Array.isArray(message.content) && message.content.some((block) => block.type === "image"));
-	const initiator = options?.initiator ?? getMessagesInitiator(payload);
+const hasVisionInput = (payload) => payload.messages.some((message) => Array.isArray(message.content) && message.content.some((block) => block.type === "image" || block.type === "tool_result" && Array.isArray(block.content) && block.content.some((inner) => inner.type === "image")));
+const shouldUseMessageProxyHeaders = (payload) => {
+	const { safetyIdentifier, sessionId } = parseUserIdMetadata(payload.metadata?.user_id);
+	return Boolean(safetyIdentifier && sessionId);
+};
+const buildMessagesHeaders = ({ ctx, enableVision, initiator, options, payload }) => {
 	const headers = {
 		...copilotHeaders(ctx, enableVision, options?.upstreamRequestId),
 		"x-initiator": options?.subagentMarker ? "agent" : initiator
 	};
 	prepareInteractionHeaders(options?.sessionId, Boolean(options?.subagentMarker), headers);
 	prepareForCompact(headers, options?.isCompact);
+	if (shouldUseMessageProxyHeaders(payload)) prepareMessageProxyHeaders(headers);
 	const anthropicBeta = buildAnthropicBetaHeader(options?.anthropicBetaHeader, payload.thinking);
 	if (anthropicBeta) headers["anthropic-beta"] = anthropicBeta;
+	return headers;
+};
+const createMessages = async (payload, account, options) => {
+	const ctx = account ?? accountFromState();
+	if (!ctx.copilotToken) throw new Error("Copilot token not found");
+	const headers = buildMessagesHeaders({
+		ctx,
+		enableVision: hasVisionInput(payload),
+		initiator: options?.initiator ?? getMessagesInitiator(payload),
+		options,
+		payload
+	});
 	const response = await fetch(`${copilotBaseUrl(ctx)}/v1/messages`, {
 		method: "POST",
 		headers,
@@ -4829,7 +5192,7 @@ function closeThinkingBlockIfOpen(state$1, events$1) {
 //#region src/routes/messages/subagent-marker.ts
 const subagentMarkerPrefix = "__SUBAGENT_MARKER__";
 const parseSubagentMarkerFromFirstUser = (payload) => {
-	const firstUserMessage = payload.messages.find((msg) => msg.role === "user");
+	const firstUserMessage = payload.messages.find((msg) => msg.role === "user" && Array.isArray(msg.content));
 	if (!firstUserMessage || !Array.isArray(firstUserMessage.content)) return null;
 	for (const block of firstUserMessage.content) {
 		if (block.type !== "text") continue;
@@ -4886,10 +5249,10 @@ async function handleCompletion(c) {
 	const { ip: clientIp, source: clientIpSource } = getClientIpInfo(c);
 	const userAgent = c.req.header("user-agent") ?? void 0;
 	const anthropicPayload = await c.req.json();
-	logger$5.debug("Anthropic request payload:", JSON.stringify(anthropicPayload));
+	debugJson(logger$5, "Anthropic request payload:", anthropicPayload);
 	const subagentMarker = parseSubagentMarkerFromFirstUser(anthropicPayload);
 	const initiatorOverride = subagentMarker ? "agent" : void 0;
-	if (subagentMarker) logger$5.debug("Detected Subagent marker:", JSON.stringify(subagentMarker));
+	if (subagentMarker) debugJson(logger$5, "Detected Subagent marker:", subagentMarker);
 	const sessionId = getRootSessionId(anthropicPayload, c);
 	logger$5.debug("Extracted session ID:", sessionId);
 	const anthropicBeta = c.req.header("anthropic-beta");
@@ -4898,7 +5261,10 @@ async function handleCompletion(c) {
 	if (isCompact) {
 		logger$5.debug("Is compact request:", isCompact);
 		if (shouldCompactUseSmallModel()) anthropicPayload.model = getSmallModel();
-	} else mergeToolResultForClaude(anthropicPayload);
+	} else {
+		stripToolReferenceTurnBoundary(anthropicPayload);
+		mergeToolResultForClaude(anthropicPayload);
+	}
 	const upstreamRequestId = generateRequestIdFromPayload(anthropicPayload, sessionId);
 	logger$5.debug("Generated request ID:", upstreamRequestId);
 	const clientModel = anthropicPayload.model;
@@ -5028,7 +5394,7 @@ async function handleCompletion(c) {
 }
 const handleWithChatCompletions = async (params) => {
 	const { c, openAIPayload, initiatorOverride, subagentMarker, sessionId, selectedModel, instr, isCompact } = params;
-	logger$5.debug("Translated OpenAI request payload:", JSON.stringify(openAIPayload));
+	debugJson(logger$5, "Translated OpenAI request payload:", openAIPayload);
 	const ctx = toAccountContext(instr.account);
 	const initiator = initiatorOverride ?? getChatInitiator(openAIPayload.messages);
 	instr.initiator = initiator;
@@ -5075,7 +5441,7 @@ const handleWithResponsesApi = async (params) => {
 	const responsesPayload = translateAnthropicMessagesToResponsesPayload(anthropicPayload, selectedModel.id);
 	applyResponsesApiContextManagement(responsesPayload, selectedModel.capabilities.limits.max_prompt_tokens);
 	compactInputByLatestCompaction(responsesPayload);
-	logger$5.debug("Translated Responses payload:", JSON.stringify(responsesPayload));
+	debugJson(logger$5, "Translated Responses payload:", responsesPayload);
 	const { vision, initiator } = getResponsesRequestOptions(responsesPayload);
 	const resolvedInitiator = initiatorOverride ?? initiator;
 	const ctx = toAccountContext(instr.account);
@@ -5189,7 +5555,7 @@ async function handleChatCompletionsNonStreaming(params) {
 	try {
 		logger$5.debug("Non-streaming response from Copilot:", JSON.stringify(response));
 		const anthropicResponse = translateToAnthropic(response);
-		logger$5.debug("Translated Anthropic response:", JSON.stringify(anthropicResponse));
+		debugJson(logger$5, "Translated Anthropic response:", anthropicResponse);
 		return c.json(anthropicResponse);
 	} catch (error) {
 		const details = extractErrorDetails(error);
@@ -5311,7 +5677,7 @@ async function handleResponsesNonStreaming(params) {
 		usage = extractResponsesUsageFromResult(result);
 		logger$5.debug("Non-streaming Responses result:", JSON.stringify(result).slice(-400));
 		const anthropicResponse = translateResponsesResultToAnthropic(result);
-		logger$5.debug("Translated Anthropic response:", JSON.stringify(anthropicResponse));
+		debugJson(logger$5, "Translated Anthropic response:", anthropicResponse);
 		return c.json(anthropicResponse);
 	} catch (error) {
 		const details = extractErrorDetails(error);
@@ -5542,20 +5908,8 @@ async function streamMessagesAndLog(params) {
 }
 const handleWithMessagesApi = async (params) => {
 	const { c, anthropicPayload, anthropicBetaHeader, initiatorOverride, subagentMarker, sessionId, instr, selectedModel, isCompact } = params;
-	stripCacheControl(anthropicPayload);
-	for (const msg of anthropicPayload.messages) if (msg.role === "assistant" && Array.isArray(msg.content)) msg.content = msg.content.filter((block) => {
-		if (block.type !== "thinking") return true;
-		return block.thinking && block.thinking !== "Thinking..." && block.signature && !block.signature.includes("@");
-	});
-	const toolChoice = anthropicPayload.tool_choice;
-	if (toolChoice?.type === "any" || toolChoice?.type === "tool") {
-		delete anthropicPayload.thinking;
-		delete anthropicPayload.output_config;
-	} else if (selectedModel.capabilities.supports.adaptive_thinking) {
-		anthropicPayload.thinking = { type: "adaptive" };
-		anthropicPayload.output_config = { effort: getAnthropicEffortForModel(anthropicPayload.model) };
-	}
-	logger$5.debug("Translated Messages payload:", JSON.stringify(anthropicPayload));
+	prepareMessagesApiPayload(anthropicPayload, selectedModel);
+	debugJson(logger$5, "Translated Messages payload:", anthropicPayload);
 	const ctx = toAccountContext(instr.account);
 	const initiator = initiatorOverride ?? getMessagesInitiator(anthropicPayload);
 	instr.initiator = initiator;
@@ -5593,12 +5947,6 @@ const handleWithMessagesApi = async (params) => {
 };
 const isNonStreaming = (response) => Object.hasOwn(response, "choices");
 const isAsyncIterable$1 = (value) => Boolean(value) && typeof value[Symbol.asyncIterator] === "function";
-const getAnthropicEffortForModel = (model) => {
-	const reasoningEffort = getReasoningEffortForModel(model);
-	if (reasoningEffort === "xhigh") return "max";
-	if (reasoningEffort === "none" || reasoningEffort === "minimal") return "low";
-	return reasoningEffort;
-};
 
 //#endregion
 //#region src/routes/messages/route.ts
@@ -5779,10 +6127,10 @@ async function handleProviderMessages(c) {
 		payload.temperature ??= modelConfig?.temperature;
 		payload.top_p ??= modelConfig?.topP;
 		payload.top_k ??= modelConfig?.topK;
-		logger$3.debug("provider.messages.request", JSON.stringify({
+		debugJson(logger$3, "provider.messages.request", {
 			payload,
 			provider
-		}));
+		});
 		const upstreamResponse = await forwardProviderMessages(providerConfig, payload, c.req.raw.headers);
 		if (!upstreamResponse.ok) {
 			logger$3.error("Failed to create responses", upstreamResponse);
@@ -5825,7 +6173,7 @@ async function handleProviderMessages(c) {
 		}
 		const jsonBody = await upstreamResponse.json();
 		adjustInputTokens(providerConfig, jsonBody.usage);
-		logger$3.debug("provider.messages.no_stream result:", JSON.stringify(jsonBody));
+		debugJson(logger$3, "provider.messages.no_stream result:", jsonBody);
 		return c.json(jsonBody);
 	} catch (error) {
 		logger$3.error("provider.messages.error", {
@@ -5838,7 +6186,7 @@ async function handleProviderMessages(c) {
 const adjustInputTokens = (providerConfig, usage) => {
 	if (!providerConfig.adjustInputTokens || !usage) return;
 	usage.input_tokens = Math.max(0, (usage.input_tokens ?? 0) - (usage.cache_read_input_tokens ?? 0) - (usage.cache_creation_input_tokens ?? 0));
-	logger$3.debug("provider.messages.adjusted_usage:", JSON.stringify(usage));
+	debugJson(logger$3, "provider.messages.adjusted_usage:", usage);
 };
 
 //#endregion
@@ -5933,7 +6281,7 @@ const handleResponses = async (c) => {
 	const request = buildRequestContext(c);
 	const payload = await c.req.json();
 	const clientModel = payload.model;
-	logger$1.debug("Responses request payload:", JSON.stringify(payload));
+	debugJson(logger$1, "Responses request payload:", payload);
 	if (!isResponsesApiWebSearchEnabled()) removeWebSearchTool(payload);
 	compactInputByLatestCompaction(payload);
 	const streamRequested = Boolean(payload.stream);
@@ -6181,7 +6529,10 @@ async function handleNonStreamingUpstreamResult(params) {
 	let errorMessage;
 	const finishedAtMs = Date.now();
 	try {
-		logger$1.debug("Forwarding native Responses result:", JSON.stringify(result).slice(-400));
+		debugJsonTail(logger$1, "Forwarding native Responses result:", {
+			value: result,
+			tailLength: 400
+		});
 		return c.json(result);
 	} catch (error) {
 		const details = extractErrorDetails(error);
@@ -6233,7 +6584,7 @@ async function streamResponsesAndLog(params) {
 			const processedData = fixStreamIds(data ?? "", event, idTracker);
 			const usage = extractUsageFromChunkData(processedData);
 			if (usage) lastUsage = usage;
-			logger$1.debug("Responses stream chunk:", JSON.stringify(chunk));
+			debugJson(logger$1, "Responses stream chunk:", chunk);
 			await stream.writeSSE({
 				id,
 				event,
@@ -6297,7 +6648,10 @@ async function handleNonStreamingResponses(params) {
 		if (streamResponse) return streamResponse;
 		const result = response;
 		usage = extractResponsesUsageFromResult(result);
-		logger$1.debug("Forwarding native Responses result:", JSON.stringify(result).slice(-400));
+		debugJsonTail(logger$1, "Forwarding native Responses result:", {
+			value: result,
+			tailLength: 400
+		});
 		return c.json(result);
 	} catch (error) {
 		finishedAtMs = Date.now();
@@ -6344,6 +6698,7 @@ function handleUnexpectedResponsesStream(c, response) {
 		for await (const chunk of response) {
 			const { id, event, data } = getStreamChunkFields(chunk);
 			const processedData = fixStreamIds(data ?? "", event, idTracker);
+			debugJson(logger$1, "Responses stream chunk:", chunk);
 			await stream.writeSSE({
 				id,
 				event,
@@ -6476,4 +6831,4 @@ server.route("/:provider/v1/models", providerModelRoutes);
 
 //#endregion
 export { server };
-//# sourceMappingURL=server-D9M_wFyO.js.map
+//# sourceMappingURL=server-CuXJhEMC.js.map