@pikoloo/codex-proxy 1.0.6

package/src/routes/claude-config-route.js

@@ -0,0 +1,121 @@
+/**
+ * Claude Config Route
+ * Handles Claude CLI configuration endpoints:
+ *   GET  /claude/config
+ *   POST /claude/config/proxy
+ *   POST /claude/config/direct
+ *   POST /claude/config/set
+ */
+
+import {
+  readClaudeConfig,
+  setProxyMode,
+  setDirectMode,
+  setApiEndpoint,
+  getClaudeConfigPath
+} from '../claude-config.js';
+import { isAllowedApiEndpoint, redactSensitiveConfig } from '../security.js';
+
+/**
+ * GET /claude/config
+ * Returns the current Claude CLI configuration.
+ */
+export async function handleGetClaudeConfig(req, res) {
+  try {
+    const config = await readClaudeConfig();
+    const configPath = getClaudeConfigPath();
+    res.json({ success: true, configPath, config: redactSensitiveConfig(config) });
+  } catch (error) {
+    res.status(500).json({ success: false, error: error.message });
+  }
+}
+
+/**
+ * POST /claude/config/proxy
+ * Configures Claude CLI to use this proxy server.
+ */
+export async function handleSetProxyMode(req, res, { port }) {
+  try {
+    const proxyUrl = `http://localhost:${port}`;
+    const models = {
+      default: 'claude-sonnet-4-6',
+      opus: 'claude-opus-4-6',
+      sonnet: 'claude-sonnet-4-6',
+      haiku: 'claude-haiku-4-5'
+    };
+    const config = await setProxyMode(proxyUrl, models);
+    res.json({
+      success: true,
+      message: `Claude CLI configured to use proxy at ${proxyUrl}`,
+      config: redactSensitiveConfig(config)
+    });
+  } catch (error) {
+    res.status(500).json({ success: false, error: error.message });
+  }
+}
+
+/**
+ * POST /claude/config/direct
+ * Configures Claude CLI to use the Anthropic API directly.
+ */
+export async function handleSetDirectMode(req, res) {
+  const { apiKey } = req.body || {};
+  if (!apiKey) {
+    return res.status(400).json({ success: false, error: 'API key required' });
+  }
+  try {
+    const config = await setDirectMode(apiKey);
+    res.json({
+      success: true,
+      message: 'Claude CLI configured to use direct Anthropic API',
+      config: redactSensitiveConfig(config)
+    });
+  } catch (error) {
+    res.status(500).json({ success: false, error: error.message });
+  }
+}
+
+export async function handleSetClaudeApiEndpoint(req, res) {
+  const { apiUrl, apiKey } = req.body || {};
+
+  if (typeof apiUrl !== 'string' || !apiUrl.trim()) {
+    return res.status(400).json({ success: false, error: 'apiUrl is required' });
+  }
+  if (typeof apiKey !== 'string' || !apiKey.trim()) {
+    return res.status(400).json({ success: false, error: 'apiKey is required' });
+  }
+
+  let parsed;
+  try {
+    parsed = new URL(apiUrl);
+  } catch {
+    return res.status(400).json({ success: false, error: 'apiUrl must be a valid URL' });
+  }
+
+  const normalizedApiUrl = parsed.toString().replace(/\/$/, '');
+
+  if (!isAllowedApiEndpoint(normalizedApiUrl)) {
+    return res.status(400).json({
+      success: false,
+      error: 'apiUrl must be a loopback URL unless CODEX_CLAUDE_PROXY_ALLOW_EXTERNAL_ENDPOINTS=true is set'
+    });
+  }
+
+  try {
+    const config = await setApiEndpoint({ apiUrl: normalizedApiUrl, apiKey });
+    res.json({
+      success: true,
+      message: 'Claude CLI API endpoint updated',
+      config: redactSensitiveConfig(config)
+    });
+  } catch (error) {
+    res.status(500).json({ success: false, error: error.message });
+  }
+}
+
+export default {
+  handleGetClaudeConfig,
+  handleSetProxyMode,
+  handleSetDirectMode,
+  handleSetClaudeApiEndpoint
+};

package/src/routes/logs-route.js

@@ -0,0 +1,43 @@
+/**
+ * Logs Route
+ * Handles log retrieval and live streaming:
+ *   GET /api/logs
+ *   GET /api/logs/stream
+ */
+
+import { logger } from '../utils/logger.js';
+
+/**
+ * GET /api/logs
+ * Returns the in-memory log history as JSON.
+ */
+export function handleGetLogs(req, res) {
+  res.json({ status: 'ok', logs: logger.getHistory() });
+}
+
+/**
+ * GET /api/logs/stream
+ * Streams live log events as Server-Sent Events.
+ * Pass ?history=true to replay existing log history before streaming live events.
+ */
+export function handleStreamLogs(req, res) {
+  res.setHeader('Content-Type', 'text/event-stream');
+  res.setHeader('Cache-Control', 'no-cache');
+  res.setHeader('Connection', 'keep-alive');
+
+  const sendLog = (log) => {
+    res.write(`data: ${JSON.stringify(log)}\n\n`);
+  };
+
+  if (req.query.history === 'true') {
+    logger.getHistory().forEach(sendLog);
+  }
+
+  logger.on('log', sendLog);
+
+  req.on('close', () => {
+    logger.off('log', sendLog);
+  });
+}
+
+export default { handleGetLogs, handleStreamLogs };

package/src/routes/messages-route.js

@@ -0,0 +1,203 @@
+import { sendMessageStream, sendMessage } from '../direct-api.js';
+import { sendKiloMessageStream, sendKiloMessage } from '../kilo-api.js';
+import { DEFAULT_OPENAI_MODEL, isKiloEnabled, resolveModelRouting } from '../model-mapper.js';
+import { sendAuthError, getCredentialsOrError, getCredentialsForAccount } from '../middleware/credentials.js';
+import { initSSEResponse, pipeSSEStream, handleStreamError } from '../middleware/sse.js';
+import { logger } from '../utils/logger.js';
+import { AccountRotator } from '../account-rotation/index.js';
+import { listAccounts, getActiveAccount, save } from '../account-manager.js';
+import { getServerSettings, isMultiAccountRotationEnabled } from '../server-settings.js';
+
+const MAX_RETRIES = 5;
+const MAX_WAIT_BEFORE_ERROR_MS = 120000;
+const SHORT_RATE_LIMIT_THRESHOLD_MS = 5000;
+
+let accountRotator = null;
+let currentStrategy = null;
+
+function getAccountRotator() {
+    const settings = getServerSettings();
+    const strategy = settings.accountStrategy || 'sticky';
+    
+    if (!accountRotator || currentStrategy !== strategy) {
+        accountRotator = new AccountRotator({
+            listAccounts,
+            save,
+            getActiveAccount
+        }, strategy);
+        currentStrategy = strategy;
+        logger.info(`[Messages] Account strategy: ${strategy}`);
+    }
+    return accountRotator;
+}
+
+export async function handleMessages(req, res) {
+    const startTime = Date.now();
+    const body = req.body;
+    const requestedModel = body.model || DEFAULT_OPENAI_MODEL;
+    const isStreaming = body.stream !== false;
+    
+    const { isKilo, kiloTarget, upstreamModel } = resolveModelRouting(requestedModel);
+    
+    if (isKilo) {
+        if (!isKiloEnabled()) {
+            return res.status(403).json({
+                type: 'error',
+                error: {
+                    type: 'invalid_request_error',
+                    code: 'kilo_disabled',
+                    message: 'Kilo routing is disabled. Set CODEX_CLAUDE_PROXY_ENABLE_KILO=true to enable third-party Kilo model routing.'
+                }
+            });
+        }
+
+        return isStreaming
+            ? _streamKilo(res, { ...body, model: upstreamModel }, kiloTarget, requestedModel, startTime)
+            : _sendKilo(res, { ...body, model: upstreamModel }, kiloTarget, requestedModel, startTime);
+    }
+
+    if (!isMultiAccountRotationEnabled()) {
+        const creds = await getCredentialsOrError();
+        if (!creds) {
+            return sendAuthError(res);
+        }
+
+        const anthropicRequest = { ...body, model: upstreamModel };
+        try {
+            if (isStreaming) {
+                await _streamDirectWithRotation(res, anthropicRequest, creds, requestedModel, startTime, null);
+            } else {
+                await _sendDirectWithRotation(res, anthropicRequest, creds, requestedModel, startTime, null);
+            }
+            return;
+        } catch (error) {
+            return handleStreamError(res, error, requestedModel, startTime);
+        }
+    }
+    
+    const rotator = getAccountRotator();
+    const accountSnapshot = listAccounts();
+
+    if (accountSnapshot.total === 0) {
+        return sendAuthError(res, 'No active account with valid credentials. Add an account via /accounts/add');
+    }
+    
+    rotator.clearExpiredLimits();
+    
+    const maxAttempts = Math.max(MAX_RETRIES, accountSnapshot.total);
+    
+    for (let attempt = 0; attempt < maxAttempts; attempt++) {
+        if (rotator.isAllRateLimited(upstreamModel)) {
+            const minWait = rotator.getMinWaitTimeMs(upstreamModel);
+            
+            if (minWait > MAX_WAIT_BEFORE_ERROR_MS) {
+                return handleStreamError(res, new Error(`RESOURCE_EXHAUSTED: All accounts rate-limited. Wait ${Math.round(minWait/1000)}s`), requestedModel, startTime);
+            }
+            
+            logger.info(`[Messages] All accounts rate-limited, waiting ${Math.round(minWait/1000)}s...`);
+            await sleep(minWait + 500);
+            rotator.clearExpiredLimits();
+            attempt--;
+            continue;
+        }
+        
+        const { account, waitMs } = rotator.selectAccount(upstreamModel);
+        
+        if (!account) {
+            if (waitMs > 0) {
+                await sleep(waitMs);
+                attempt--;
+                continue;
+            }
+            return sendAuthError(res, 'No available accounts');
+        }
+        
+        const creds = await getCredentialsForAccount(account.email);
+        if (!creds) {
+            rotator.markInvalid(account.email, 'Failed to get credentials');
+            continue;
+        }
+        
+        const anthropicRequest = { ...body, model: upstreamModel };
+        
+        try {
+            if (isStreaming) {
+                await _streamDirectWithRotation(res, anthropicRequest, creds, requestedModel, startTime, rotator);
+            } else {
+                await _sendDirectWithRotation(res, anthropicRequest, creds, requestedModel, startTime, rotator);
+            }
+            rotator.notifySuccess(account, upstreamModel);
+            return;
+        } catch (error) {
+            if (error.message.startsWith('RATE_LIMITED:')) {
+                const parts = error.message.split(':');
+                const resetMs = parseInt(parts[1], 10);
+                const errorText = parts.slice(2).join(':');
+                
+                rotator.notifyRateLimit(account, upstreamModel);
+                
+                if (resetMs <= SHORT_RATE_LIMIT_THRESHOLD_MS) {
+                    logger.info(`[Messages] Short rate limit on ${account.email}, waiting ${resetMs}ms...`);
+                    await sleep(resetMs);
+                    attempt--;
+                    continue;
+                }
+                
+                logger.info(`[Messages] Rate limit on ${account.email}, switching account...`);
+                continue;
+            }
+            
+            if (error.message.includes('AUTH_EXPIRED')) {
+                rotator.markInvalid(account.email, 'Auth expired');
+                continue;
+            }
+            
+            return handleStreamError(res, error, requestedModel, startTime);
+        }
+    }
+    
+    return handleStreamError(res, new Error('Max retries exceeded'), requestedModel, startTime);
+}
+
+async function _streamDirectWithRotation(res, anthropicRequest, creds, responseModel, startTime, rotator) {
+    initSSEResponse(res);
+    const stream = sendMessageStream(anthropicRequest, creds.accessToken, creds.accountId, rotator, creds.email);
+    await pipeSSEStream(res, stream);
+    logger.response(200, { model: anthropicRequest.model, duration: Date.now() - startTime });
+}
+
+async function _sendDirectWithRotation(res, anthropicRequest, creds, responseModel, startTime, rotator) {
+    const response = await sendMessage(anthropicRequest, creds.accessToken, creds.accountId);
+    const duration = Date.now() - startTime;
+    logger.response(200, { model: anthropicRequest.model, tokens: response.usage?.output_tokens || 0, duration });
+    res.json({ ...response, model: responseModel });
+}
+
+async function _streamKilo(res, anthropicRequest, kiloTarget, responseModel, startTime) {
+    initSSEResponse(res);
+    const stream = sendKiloMessageStream(anthropicRequest, kiloTarget);
+    await pipeSSEStream(res, stream);
+    logger.response(200, { model: kiloTarget, duration: Date.now() - startTime });
+}
+
+async function _sendKilo(res, anthropicRequest, kiloTarget, responseModel, startTime) {
+    const response = await sendKiloMessage(anthropicRequest, kiloTarget);
+    const duration = Date.now() - startTime;
+    logger.response(200, { model: kiloTarget, tokens: response.usage?.output_tokens || 0, duration });
+    res.json({
+        id: response.id || undefined,
+        type: 'message',
+        role: 'assistant',
+        content: response.content,
+        model: responseModel,
+        stop_reason: response.stopReason,
+        stop_sequence: null,
+        usage: response.usage
+    });
+}
+
+function sleep(ms) {
+    return new Promise(resolve => setTimeout(resolve, ms));
+}
+
+export default { handleMessages };

package/src/routes/models-route.js

@@ -0,0 +1,119 @@
+/**
+ * Models Route
+ * Handles:
+ *   GET /v1/models            — OpenAI-compatible model list
+ *   GET /accounts/models      — Raw model list for the active/specified account
+ *   GET /accounts/usage       — Usage stats for the active/specified account
+ */
+
+import { fetchModels, fetchUsage } from '../model-api.js';
+import { getActiveAccount, loadAccounts } from '../account-manager.js';
+import { logger } from '../utils/logger.js';
+import { getCredentialsOrError } from '../middleware/credentials.js';
+import { DEFAULT_OPENAI_MODEL, DEFAULT_SMALL_OPENAI_MODEL, LATEST_CODEX_MODEL } from '../model-mapper.js';
+
+const FALLBACK_MODELS = [
+  // OpenAI upstream models
+  { id: DEFAULT_OPENAI_MODEL, object: 'model', owned_by: 'openai' },
+  { id: 'gpt-5.4', object: 'model', owned_by: 'openai' },
+  { id: DEFAULT_SMALL_OPENAI_MODEL, object: 'model', owned_by: 'openai' },
+  { id: 'gpt-5.4-nano', object: 'model', owned_by: 'openai' },
+  { id: LATEST_CODEX_MODEL, object: 'model', owned_by: 'openai' },
+  { id: 'gpt-5.1-codex', object: 'model', owned_by: 'openai' },
+  { id: 'gpt-5.2', object: 'model', owned_by: 'openai' },
+  // Current Claude 4.6 models
+  { id: 'claude-opus-4-6', object: 'model', owned_by: 'anthropic' },
+  { id: 'claude-sonnet-4-6', object: 'model', owned_by: 'anthropic' },
+  { id: 'claude-haiku-4-5', object: 'model', owned_by: 'anthropic' },
+  // 1M context variants
+  { id: 'claude-opus-4-6-1m', object: 'model', owned_by: 'anthropic' },
+  { id: 'claude-sonnet-4-6-1m', object: 'model', owned_by: 'anthropic' },
+  // Legacy models (still supported)
+  { id: 'claude-opus-4-5', object: 'model', owned_by: 'anthropic' },
+  { id: 'claude-sonnet-4-5', object: 'model', owned_by: 'anthropic' }
+];
+
+/**
+ * GET /v1/models
+ * Returns an OpenAI-compatible model list. Falls back to a static list on error.
+ */
+export async function handleListModels(req, res) {
+  const creds = await getCredentialsOrError();
+
+  if (!creds) {
+    return res.json({ object: 'list', data: FALLBACK_MODELS });
+  }
+
+  try {
+    const models = await fetchModels(creds.accessToken, creds.accountId);
+    const modelList = models.map(m => ({
+      id: m.id,
+      object: 'model',
+      created: Math.floor(Date.now() / 1000),
+      owned_by: 'openai',
+      description: m.description
+    }));
+    res.json({ object: 'list', data: modelList });
+  } catch (error) {
+    logger.error(`Failed to fetch models: ${error.message}`);
+    res.json({ object: 'list', data: FALLBACK_MODELS });
+  }
+}
+
+/**
+ * GET /accounts/models
+ * Returns the raw model list for the active or specified account.
+ */
+export async function handleAccountModels(req, res) {
+  const account = _resolveAccount(req.query.email);
+
+  if (!account) {
+    return res.status(404).json({
+      success: false,
+      error: req.query.email ? `Account not found: ${req.query.email}` : 'No active account'
+    });
+  }
+
+  try {
+    const models = await fetchModels(account.accessToken, account.accountId);
+    res.json({ success: true, email: account.email, models });
+  } catch (error) {
+    logger.error(`Failed to fetch models: ${error.message}`);
+    res.status(500).json({ success: false, error: error.message });
+  }
+}
+
+/**
+ * GET /accounts/usage
+ * Returns usage stats for the active or specified account.
+ */
+export async function handleAccountUsage(req, res) {
+  const account = _resolveAccount(req.query.email);
+
+  if (!account) {
+    return res.status(404).json({
+      success: false,
+      error: req.query.email ? `Account not found: ${req.query.email}` : 'No active account'
+    });
+  }
+
+  try {
+    const usage = await fetchUsage(account.accessToken, account.accountId);
+    res.json({ success: true, email: account.email, usage });
+  } catch (error) {
+    logger.error(`Failed to fetch usage: ${error.message}`);
+    res.status(500).json({ success: false, error: error.message });
+  }
+}
+
+// ─── Helpers ─────────────────────────────────────────────────────────────────
+
+function _resolveAccount(email) {
+  if (email) {
+    const data = loadAccounts();
+    return data.accounts.find(a => a.email === email) || null;
+  }
+  return getActiveAccount();
+}
+
+export default { handleListModels, handleAccountModels, handleAccountUsage };

package/src/routes/settings-route.js

@@ -0,0 +1,143 @@
+/**
+ * Settings Route
+ * Handles server settings endpoints:
+ *   GET  /settings/haiku-model
+ *   POST /settings/haiku-model
+ *   GET  /settings/account-strategy
+ *   POST /settings/account-strategy
+ *   GET  /settings/kilo-models
+ */
+
+import { getServerSettings, isMultiAccountRotationEnabled, setServerSettings } from '../server-settings.js';
+import { fetchFreeModels } from '../kilo-models.js';
+import { isKiloEnabled } from '../model-mapper.js';
+
+const VALID_STRATEGIES = ['sticky', 'round-robin'];
+
+/**
+ * GET /settings/haiku-model
+ * Returns the current explicit Kilo target selection.
+ */
+export function handleGetHaikuModel(req, res) {
+  const settings = getServerSettings();
+  res.json({
+    success: true,
+    haikuKiloModel: settings.haikuKiloModel,
+    kiloEnabled: isKiloEnabled()
+  });
+}
+
+/**
+ * POST /settings/haiku-model
+ * Updates the explicit Kilo target selection.
+ * Accepts any model ID string — the UI filters to only show free models.
+ */
+export async function handleSetHaikuModel(req, res) {
+  const { haikuKiloModel } = req.body || {};
+
+  if (!haikuKiloModel || typeof haikuKiloModel !== 'string') {
+    return res.status(400).json({
+      success: false,
+      error: 'haikuKiloModel is required and must be a string'
+    });
+  }
+
+  if (!isKiloEnabled()) {
+    return res.status(403).json({
+      success: false,
+      error: 'Kilo routing is disabled. Set CODEX_CLAUDE_PROXY_ENABLE_KILO=true to enable third-party Kilo model routing.'
+    });
+  }
+
+  // Validate against live free models from Kilo API
+  try {
+    const freeModels = await fetchFreeModels();
+    const validIds = freeModels.map(m => m.id);
+    if (!validIds.includes(haikuKiloModel)) {
+      return res.status(400).json({
+        success: false,
+        error: `Model "${haikuKiloModel}" is not a free model. Available: ${validIds.join(', ')}`
+      });
+    }
+  } catch (err) {
+    // If API is unreachable, allow any value (user may know what they're doing)
+    console.warn(`[Settings] Could not validate model against Kilo API: ${err.message}`);
+  }
+
+  const settings = setServerSettings({ haikuKiloModel });
+  res.json({ success: true, haikuKiloModel: settings.haikuKiloModel, kiloEnabled: true });
+}
+
+/**
+ * GET /settings/kilo-models
+ * Returns the list of free Kilo models from the API.
+ */
+export async function handleGetKiloModels(req, res) {
+  const settings = getServerSettings();
+  if (!isKiloEnabled()) {
+    return res.json({
+      success: true,
+      enabled: false,
+      models: [],
+      current: settings.haikuKiloModel
+    });
+  }
+
+  try {
+    const freeModels = await fetchFreeModels();
+    res.json({
+      success: true,
+      enabled: true,
+      models: freeModels,
+      current: settings.haikuKiloModel
+    });
+  } catch (error) {
+    res.status(500).json({
+      success: false,
+      error: `Failed to fetch models: ${error.message}`
+    });
+  }
+}
+
+/**
+ * GET /settings/account-strategy
+ * Returns the current account selection strategy.
+ */
+export function handleGetAccountStrategy(req, res) {
+  const settings = getServerSettings();
+  res.json({
+    success: true,
+    accountStrategy: settings.accountStrategy,
+    rotationEnabled: isMultiAccountRotationEnabled()
+  });
+}
+
+/**
+ * POST /settings/account-strategy
+ * Updates the account selection strategy.
+ */
+export function handleSetAccountStrategy(req, res) {
+  const { accountStrategy } = req.body || {};
+
+  if (!VALID_STRATEGIES.includes(accountStrategy)) {
+    return res.status(400).json({
+      success: false,
+      error: `Invalid accountStrategy. Use one of: ${VALID_STRATEGIES.join(', ')}`
+    });
+  }
+
+  const settings = setServerSettings({ accountStrategy });
+  res.json({
+    success: true,
+    accountStrategy: settings.accountStrategy,
+    rotationEnabled: isMultiAccountRotationEnabled()
+  });
+}
+
+export default { 
+  handleGetHaikuModel, 
+  handleSetHaikuModel,
+  handleGetKiloModels,
+  handleGetAccountStrategy,
+  handleSetAccountStrategy
+};