@prometheus-ai/ai 0.5.4 → 0.5.8

package/src/errors.ts

@@ -0,0 +1,32 @@
+/**
+ * Structured HTTP errors thrown by provider clients.
+ *
+ * Downstream classification reads these fields structurally rather than via
+ * `instanceof`: `extractHttpStatusFromError` (@prometheus-ai/utils) reads `status`,
+ * `getHeadersFromError` (retry-after extraction) reads `headers`, and retry
+ * policies such as `isCopilotTransientModelError` read `code`. Per-provider
+ * subclasses exist so call sites can narrow with `instanceof` and logs carry
+ * a meaningful `error.name`.
+ */
+export interface ProviderHttpErrorOptions {
+	/** Response headers; enables `retry-after`/rate-limit extraction downstream. */
+	headers?: Headers;
+	/** Machine-readable error code from the response body (`error.code` / `error.type`). */
+	code?: string;
+	cause?: unknown;
+}
+
+/** Non-2xx HTTP response from a provider endpoint. */
+export class ProviderHttpError extends Error {
+	readonly status: number;
+	readonly headers: Headers | undefined;
+	readonly code: string | undefined;
+
+	constructor(message: string, status: number, options?: ProviderHttpErrorOptions) {
+		super(message, options?.cause === undefined ? undefined : { cause: options.cause });
+		this.name = "ProviderHttpError";
+		this.status = status;
+		this.headers = options?.headers;
+		this.code = options?.code;
+	}
+}

package/src/index.ts

@@ -1,15 +1,17 @@
+export {
+	ANTIGRAVITY_SYSTEM_INSTRUCTION,
+	getAntigravityUserAgent,
+	getGeminiCliHeaders,
+} from "@prometheus-ai/catalog/wire/gemini-headers";
 export { type ZodType, z } from "zod/v4";
 export * from "./api-registry";
 export * from "./auth-broker";
 export { type AuthGatewayBootOptions, type ModelResolver, startAuthGateway } from "./auth-gateway/server";
 export * from "./auth-gateway/types";
+export * from "./auth-retry";
 export * from "./auth-storage";
-export * from "./model-cache";
-export * from "./model-manager";
-export * from "./model-thinking";
-export * from "./models";
+export * from "./errors";
 export * from "./provider-details";
-export * from "./provider-models";
 export * from "./providers/anthropic";
 export * from "./providers/anthropic-client";
 export * from "./providers/azure-openai-responses";
@@ -17,7 +19,6 @@ export type * from "./providers/cursor";
 export * from "./providers/gitlab-duo";
 export type * from "./providers/google";
 export type * from "./providers/google-gemini-cli";
-export * from "./providers/google-gemini-headers";
 export type * from "./providers/google-vertex";
 export * from "./providers/kimi";
 export * from "./providers/mock";
@@ -27,6 +28,7 @@ export * from "./providers/openai-completions";
 export * from "./providers/openai-responses";
 export * from "./providers/synthetic";
 export * from "./rate-limit-utils";
+export * from "./registry";
 export * from "./stream";
 export * from "./types";
 export * from "./usage";
@@ -37,17 +39,10 @@ export * from "./usage/google-antigravity";
 export * from "./usage/kimi";
 export * from "./usage/minimax-code";
 export * from "./usage/openai-codex";
+export * from "./usage/openai-codex-reset";
 export * from "./usage/zai";
 export * from "./utils/anthropic-auth";
-export * from "./utils/discovery";
 export * from "./utils/event-stream";
-export * from "./utils/oauth";
-export type {
-	OAuthCredentials,
-	OAuthProvider,
-	OAuthProviderId,
-	OAuthProviderInfo,
-} from "./utils/oauth/types";
 export * from "./utils/overflow";
 export * from "./utils/retry";
 export * from "./utils/schema";

package/src/provider-details.ts

@@ -18,7 +18,7 @@ export interface ProviderDetailsContext {
 	authMode?: string;
 	/**
 	 * Human-readable description of the active credential, e.g.
-	 * `"broker http://can.internal:8765 · oauth #5 (foo@bar.com)"`.
+	 * `"broker http://auth-broker.internal:8765 - oauth #5 (foo@bar.com)"`.
 	 * Rendered as a `Source` field; omitted when undefined.
 	 */
 	credentialSource?: string;

package/src/providers/__tests__/google-auth.test.ts

@@ -0,0 +1,144 @@
+import { afterEach, beforeEach, describe, expect, it } from "bun:test";
+import { Buffer } from "node:buffer";
+import * as fs from "node:fs/promises";
+import * as os from "node:os";
+import * as path from "node:path";
+import type { FetchImpl } from "../../types";
+import { __resetVertexTokenCache, getVertexAccessToken } from "../google-auth";
+
+const CLOUD_PLATFORM_SCOPE = "https://www.googleapis.com/auth/cloud-platform";
+const JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer";
+
+/** Generate a real RS256 private key so signJwtRs256 / pemToPkcs8 run for real. */
+async function generateServiceAccountPem(): Promise<string> {
+	const keyPair = (await globalThis.crypto.subtle.generateKey(
+		{ name: "RSASSA-PKCS1-v1_5", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" },
+		true,
+		["sign", "verify"],
+	)) as CryptoKeyPair;
+	const pkcs8 = new Uint8Array(await globalThis.crypto.subtle.exportKey("pkcs8", keyPair.privateKey));
+	const body = (
+		Buffer.from(pkcs8)
+			.toString("base64")
+			.match(/.{1,64}/g) ?? []
+	).join("\n");
+	return `-----BEGIN PRIVATE KEY-----\n${body}\n-----END PRIVATE KEY-----\n`;
+}
+
+function urlOf(input: string | URL | Request): string {
+	if (typeof input === "string") return input;
+	if (input instanceof URL) return input.toString();
+	return input.url;
+}
+
+describe("getVertexAccessToken impersonated_service_account ADC", () => {
+	let tmpDir: string;
+	let originalGac: string | undefined;
+
+	beforeEach(async () => {
+		__resetVertexTokenCache();
+		originalGac = Bun.env.GOOGLE_APPLICATION_CREDENTIALS;
+		tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), "prometheus-vertex-adc-"));
+	});
+
+	afterEach(async () => {
+		__resetVertexTokenCache();
+		if (originalGac === undefined) delete Bun.env.GOOGLE_APPLICATION_CREDENTIALS;
+		else Bun.env.GOOGLE_APPLICATION_CREDENTIALS = originalGac;
+		await fs.rm(tmpDir, { recursive: true, force: true });
+	});
+
+	it("rejects a malformed service_account_impersonation_url before any network call", async () => {
+		const adcPath = path.join(tmpDir, "impersonated-bad-url.json");
+		await Bun.write(
+			adcPath,
+			JSON.stringify({
+				type: "impersonated_service_account",
+				// Missing the trailing ":generateAccessToken" the principal parser requires.
+				service_account_impersonation_url:
+					"https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/target@project.iam.gserviceaccount.com",
+				source_credentials: {
+					type: "authorized_user",
+					client_id: "client-id",
+					client_secret: "client-secret",
+					refresh_token: "refresh-token",
+				},
+			}),
+		);
+		Bun.env.GOOGLE_APPLICATION_CREDENTIALS = adcPath;
+
+		const calls: string[] = [];
+		const fetchImpl: FetchImpl = async input => {
+			calls.push(urlOf(input));
+			return new Response("{}");
+		};
+
+		// The principal is parsed before the source exchange, so a bad URL must fail
+		// up front rather than after burning a source-token round trip.
+		await expect(getVertexAccessToken({ fetch: fetchImpl })).rejects.toBeInstanceOf(RangeError);
+		expect(calls).toEqual([]);
+	});
+
+	it("signs an RS256 JWT for a service_account source and reconstructs the IAM URL", async () => {
+		const pem = await generateServiceAccountPem();
+		const adcPath = path.join(tmpDir, "impersonated-sa.json");
+		await Bun.write(
+			adcPath,
+			JSON.stringify({
+				type: "impersonated_service_account",
+				// Non-canonical project segment proves the request URL is rebuilt, not echoed.
+				service_account_impersonation_url:
+					"https://iamcredentials.googleapis.com/v1/projects/explicit-proj/serviceAccounts/target@project.iam.gserviceaccount.com:generateAccessToken",
+				source_credentials: {
+					type: "service_account",
+					client_email: "source@project.iam.gserviceaccount.com",
+					private_key: pem,
+					private_key_id: "key-1",
+				},
+				// delegates intentionally omitted — the IAM body must default to [].
+			}),
+		);
+		Bun.env.GOOGLE_APPLICATION_CREDENTIALS = adcPath;
+
+		const calls: { url: string; init?: RequestInit }[] = [];
+		const fetchImpl: FetchImpl = async (input, init) => {
+			const url = urlOf(input);
+			calls.push({ url, init });
+			if (url === "https://oauth2.googleapis.com/token") {
+				return new Response(JSON.stringify({ access_token: "sa-source-token", expires_in: 3600 }));
+			}
+			if (url.startsWith("https://iamcredentials.googleapis.com/")) {
+				return new Response(
+					JSON.stringify({
+						accessToken: "impersonated-token",
+						expireTime: new Date(Date.now() + 3_600_000).toISOString(),
+					}),
+				);
+			}
+			return new Response("unexpected", { status: 404 });
+		};
+
+		const token = await getVertexAccessToken({ fetch: fetchImpl });
+		expect(token).toBe("impersonated-token");
+
+		// Source JWT exchange happens first, then the impersonation exchange.
+		expect(calls.map(c => c.url)).toEqual([
+			"https://oauth2.googleapis.com/token",
+			"https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/target@project.iam.gserviceaccount.com:generateAccessToken",
+		]);
+
+		// Source credential is exchanged via a signed JWT bearer assertion, not a refresh grant.
+		const sourceBody = new URLSearchParams(String(calls[0].init?.body));
+		expect(sourceBody.get("grant_type")).toBe(JWT_BEARER_GRANT);
+		expect((sourceBody.get("assertion") ?? "").split(".")).toHaveLength(3);
+
+		// The IAM call carries the source-derived bearer token and defaults delegates to [].
+		const iamHeaders = calls[1].init?.headers as Record<string, string>;
+		expect(iamHeaders.Authorization).toBe("Bearer sa-source-token");
+		expect(JSON.parse(String(calls[1].init?.body))).toEqual({
+			delegates: [],
+			scope: [CLOUD_PLATFORM_SCOPE],
+			lifetime: "3600s",
+		});
+	});
+});

package/src/providers/amazon-bedrock.ts

@@ -7,10 +7,11 @@
  * Bun's native `HTTPS_PROXY` support.
  */
 
+import type { Effort } from "@prometheus-ai/catalog/effort";
+import { mapEffortToAnthropicAdaptiveEffort, requireSupportedEffort } from "@prometheus-ai/catalog/model-thinking";
+import { calculateCost } from "@prometheus-ai/catalog/models";
 import { $env, $flag, extractHttpStatusFromError, fetchWithRetry } from "@prometheus-ai/utils";
-import type { Effort } from "../model-thinking";
-import { mapEffortToAnthropicAdaptiveEffort, requireSupportedEffort } from "../model-thinking";
-import { calculateCost } from "../models";
+import { ProviderHttpError } from "../errors";
 import type {
 	Api,
 	AssistantMessage,
@@ -29,14 +30,20 @@ import type {
 } from "../types";
 import { normalizeToolCallId, resolveCacheRetention } from "../utils";
 import { AssistantMessageEventStream } from "../utils/event-stream";
-import { appendRawHttpRequestDumpFor400, type RawHttpRequestDump, withHttpStatus } from "../utils/http-inspector";
+import { appendRawHttpRequestDumpFor400, type RawHttpRequestDump } from "../utils/http-inspector";
+import { getStreamFirstEventTimeoutMs } from "../utils/idle-iterator";
 import { parseStreamingJson, parseStreamingJsonThrottled } from "../utils/json-parse";
 import { toolWireSchema } from "../utils/schema/wire";
-import { resolveAwsCredentials } from "./aws-credentials";
+import { invalidateAwsCredentialCache, resolveAwsCredentials } from "./aws-credentials";
 import { decodeEventStream } from "./aws-eventstream";
 import { signRequest } from "./aws-sigv4";
 import { transformMessages } from "./transform-messages";
 
+/** Non-2xx response (or in-stream exception event) from the Bedrock runtime API. */
+export class BedrockApiError extends ProviderHttpError {
+	override readonly name = "BedrockApiError";
+}
+
 export type BedrockThinkingDisplay = "summarized" | "omitted";
 
 export interface BedrockOptions extends StreamOptions {
@@ -57,11 +64,12 @@ export interface BedrockOptions extends StreamOptions {
 	 * - `"omitted"`: thinking content is suppressed; the encrypted signature still
 	 *   travels back for multi-turn continuity.
 	 *
-	 * Starting with Claude Opus 4.7 the Anthropic API default is `"omitted"`, which
-	 * leaves callers waiting on a silent stream during long reasoning runs (issue
-	 * #1373). We default to `"summarized"` so adaptive-thinking models that accept
-	 * the field keep producing visible thinking deltas. Older adaptive-thinking
-	 * models (Opus 4.6, Sonnet 4.6+) reject the field, so we omit it for them.
+	 * Starting with Claude Opus 4.7 and Claude Fable/Mythos 5 the Anthropic API
+	 * default is `"omitted"`, which leaves callers waiting on a silent stream during
+	 * long reasoning runs (issue #1373). We default to `"summarized"` so adaptive-
+	 * thinking models that accept the field keep producing visible thinking deltas.
+	 * Older adaptive-thinking models (Opus 4.6, Sonnet 4.6+) reject the field, so
+	 * we omit it for them.
 	 */
 	thinkingDisplay?: BedrockThinkingDisplay;
 }
@@ -202,7 +210,10 @@ export const streamBedrock: StreamFunction<"bedrock-converse-stream"> = (
 
 		try {
 			const cacheRetention = resolveCacheRetention(options.cacheRetention);
-			const toolConfig = convertToolConfig(context.tools, options.toolChoice);
+			const historyHasToolBlocks = context.messages.some(
+				m => m.role === "toolResult" || (m.role === "assistant" && m.content.some(b => b.type === "toolCall")),
+			);
+			const toolConfig = convertToolConfig(context.tools, options.toolChoice, historyHasToolBlocks);
 			let additionalModelRequestFields = buildAdditionalModelRequestFields(model, options);
 
 			// Bedrock rejects thinking + forced tool_choice ("any" or specific tool).
@@ -272,20 +283,41 @@ export const streamBedrock: StreamFunction<"bedrock-converse-stream"> = (
 				requestHeaders = { ...baseHeaders, ...signed };
 			}
 
+			// Bun's native fetch ceiling is disabled below (`timeout: false`) so
+			// configurable watchdogs govern slow-prefill streams (issue #2422).
+			// Direct callers that bypass `register-builtins` (which installs the
+			// iterator-level first-event watchdog) still need a pre-response
+			// timer, otherwise a Bedrock/proxy that accepts the POST and never
+			// sends headers would hang forever.
+			const firstEventTimeoutMs = options.streamFirstEventTimeoutMs ?? getStreamFirstEventTimeoutMs();
+			const preResponseWatchdog =
+				firstEventTimeoutMs !== undefined && firstEventTimeoutMs > 0
+					? AbortSignal.timeout(firstEventTimeoutMs)
+					: undefined;
+			const fetchSignal = preResponseWatchdog
+				? options.signal
+					? AbortSignal.any([options.signal, preResponseWatchdog])
+					: preResponseWatchdog
+				: options.signal;
 			const response = await fetchWithRetry(url, {
 				method: "POST",
 				headers: requestHeaders,
 				body,
-				signal: options.signal,
+				signal: fetchSignal,
 				fetch: options.fetch,
+				timeout: false,
 			});
 
 			if (!response.ok) {
+				if (!bearerToken && (response.status === 401 || response.status === 403)) {
+					// Stale cached credentials (e.g. rotated session keys in ~/.aws/credentials) —
+					// drop the cache entry so the next attempt re-resolves from scratch.
+					invalidateAwsCredentialCache({ profile: options.profile, region });
+				}
 				const errBody = await response.text().catch(() => "");
-				throw withHttpStatus(
-					new Error(`Bedrock HTTP ${response.status}: ${errBody.slice(0, 1000)}`),
-					response.status,
-				);
+				throw new BedrockApiError(`Bedrock HTTP ${response.status}: ${errBody.slice(0, 1000)}`, response.status, {
+					headers: response.headers,
+				});
 			}
 			if (!response.body) throw new Error("Bedrock response has no body");
 
@@ -298,9 +330,10 @@ export const streamBedrock: StreamFunction<"bedrock-converse-stream"> = (
 					const exceptionType = message.headers[":exception-type"] || "Exception";
 					const payload = safeParsePayload(message.payload) as { message?: string } | undefined;
 					const errorMessage = payload?.message || new TextDecoder().decode(message.payload);
-					const status = exceptionType === "validationException" ? 400 : 0;
-					const err = new Error(`${exceptionType}: ${errorMessage}`);
-					throw status ? withHttpStatus(err, status) : err;
+					const text = `${exceptionType}: ${errorMessage}`;
+					throw exceptionType === "validationException"
+						? new BedrockApiError(text, 400, { code: exceptionType })
+						: new Error(text);
 				}
 				if (messageType === "error") {
 					const code = message.headers[":error-code"] || "UnknownError";
@@ -339,6 +372,9 @@ export const streamBedrock: StreamFunction<"bedrock-converse-stream"> = (
 					case "messageStop": {
 						const ev = payload as MessageStopEvent;
 						output.stopReason = mapStopReason(ev.stopReason);
+						if (output.stopReason === "error") {
+							output.errorMessage = `Generation failed with stop reason: ${ev.stopReason ?? "unknown"}`;
+						}
 						break;
 					}
 					case "metadata": {
@@ -739,8 +775,9 @@ function convertMessages(
 function convertToolConfig(
 	tools: Tool[] | undefined,
 	toolChoice: BedrockOptions["toolChoice"],
+	historyHasToolBlocks: boolean,
 ): WireToolConfig | undefined {
-	if (!tools?.length || toolChoice === "none") return undefined;
+	if (!tools?.length) return undefined;
 
 	const bedrockTools: WireToolSpec[] = tools.map(tool => ({
 		toolSpec: {
@@ -750,6 +787,13 @@ function convertToolConfig(
 		},
 	}));
 
+	// Bedrock rejects requests whose history contains toolUse/toolResult blocks without a
+	// toolConfig. With prior tool use we must keep the tool specs and merely omit the choice
+	// (there is no "none" choice on Converse); dropping toolConfig entirely would 400.
+	if (toolChoice === "none") {
+		return historyHasToolBlocks ? { tools: bedrockTools } : undefined;
+	}
+
 	let bedrockToolChoice: WireToolChoice | undefined;
 	switch (toolChoice) {
 		case "auto":
@@ -792,12 +836,13 @@ function buildAdditionalModelRequestFields(
 	const mode = model.thinking?.mode;
 	if (mode === "anthropic-adaptive") {
 		const effort = mapEffortToAnthropicAdaptiveEffort(model, reasoning);
-		// Starting with Claude Opus 4.7, Anthropic switched the adaptive-thinking
-		// default to "omitted", which silently suppresses streamed reasoning and
-		// can read as a stalled stream during long reasoning runs (issue #1373).
-		// Opt back into "summarized" by default on models that accept the field.
+		// Starting with Claude Opus 4.7 and Claude Fable/Mythos 5, Anthropic switched
+		// the adaptive-thinking default to "omitted", which silently suppresses
+		// streamed reasoning and can read as a stalled stream during long reasoning
+		// runs (issue #1373). Opt back into "summarized" by default on models that
+		// accept the field.
 		const adaptive: { type: "adaptive"; display?: BedrockThinkingDisplay } = { type: "adaptive" };
-		if (supportsAdaptiveThinkingDisplay(model.id)) {
+		if (model.thinking?.supportsDisplay) {
 			adaptive.display = options.thinkingDisplay ?? "summarized";
 		}
 		return {
@@ -831,21 +876,6 @@ function buildAdditionalModelRequestFields(
 	return result;
 }
 
-/**
- * Adaptive thinking `display` is supported starting with Claude Opus 4.7.
- * Older adaptive-thinking models (Opus 4.6, Sonnet 4.6+) reject the field.
- * Bedrock model ids are prefixed with region/inference-profile slugs (e.g.
- * `eu.anthropic.claude-opus-4-7-...`); the regex matches the `claude-opus-X-Y`
- * fragment regardless of prefix.
- */
-function supportsAdaptiveThinkingDisplay(modelId: string): boolean {
-	const match = /claude-opus-(\d+)-(\d+)/.exec(modelId);
-	if (!match) return false;
-	const major = Number(match[1]);
-	const minor = Number(match[2]);
-	return major > 4 || (major === 4 && minor >= 7);
-}
-
 /**
  * Bedrock's wire format expects the image as `{ source: { bytes: <base64-string> }, format }`.
  * The caller already passes base64-encoded data, so no decode/re-encode round-trip is needed.

package/src/providers/anthropic-client.ts

@@ -1,8 +1,8 @@
 /**
  * Minimal HTTP client for the Anthropic Messages API.
  *
- * @prometheus-ai/ai builds every request header itself (`buildAnthropicHeaders`), serializes
- * the body itself (`buildParams`), and parses SSE frames itself
+ * This package builds every request header itself (`buildAnthropicHeaders`),
+ * serializes the body itself (`buildParams`), and parses SSE frames itself
  * (`iterateAnthropicEvents`), so the only `@anthropic-ai/sdk` surface this
  * package ever exercised was URL assembly, auth-header injection, bounded
  * retries, the pre-response timeout, and HTTP-error-to-status mapping. This
@@ -21,6 +21,7 @@
  *   with up to 25% jitter).
  */
 import { scheduler } from "node:timers/promises";
+import { ProviderHttpError } from "../errors";
 import type { FetchImpl } from "../types";
 import type { MessageCreateParamsStreaming } from "./anthropic-wire";
 
@@ -43,7 +44,9 @@ export interface AnthropicRequestOptions {
 /**
  * Extra `RequestInit` fields merged into every fetch call. Bun extends
  * `RequestInit` with a `tls` option used for the Claude Code TLS profile and
- * Foundry mTLS.
+ * Foundry mTLS. Core request fields (`method`, `headers`, `body`, `signal`)
+ * are owned by the client and cannot be overridden from here — the timeout
+ * controller's signal in particular must always win.
  */
 export type AnthropicFetchOptions = RequestInit & {
 	tls?: {
@@ -54,6 +57,8 @@ export type AnthropicFetchOptions = RequestInit & {
 		cert?: string;
 		key?: string;
 	};
+	/** Bun extension: see {@link FetchWithRetryOptions.timeout} — `false` disables Bun's native fetch TTFT timeout (issue #2422). */
+	timeout?: number | false;
 };
 
 export interface AnthropicClientOptions {
@@ -71,16 +76,13 @@ export interface AnthropicClientOptions {
 }
 
 /** Non-2xx response from the Anthropic API. */
-export class AnthropicApiError extends Error {
-	readonly status: number;
-	readonly headers: Headers;
+export class AnthropicApiError extends ProviderHttpError {
+	declare readonly headers: Headers;
 	readonly requestId: string | null;
 
 	constructor(status: number, message: string, headers: Headers) {
-		super(message);
+		super(message, status, { headers });
 		this.name = "AnthropicApiError";
-		this.status = status;
-		this.headers = headers;
 		this.requestId = headers.get("request-id");
 	}
 
@@ -121,7 +123,7 @@ function shouldRetryResponse(response: Response): boolean {
 }
 
 /** Server-suggested delay (`retry-after-ms`, then `retry-after` seconds or HTTP date). */
-function retryDelayFromHeaders(headers: Headers | undefined): number | undefined {
+export function retryDelayFromHeaders(headers: Headers | undefined): number | undefined {
 	if (!headers) return undefined;
 	const retryAfterMs = headers.get("retry-after-ms");
 	if (retryAfterMs) {
@@ -138,7 +140,7 @@ function retryDelayFromHeaders(headers: Headers | undefined): number | undefined
 	return undefined;
 }
 
-function defaultRetryDelayMs(attempt: number): number {
+export function calculateAnthropicRetryDelayMs(attempt: number): number {
 	const sleepSeconds = Math.min(INITIAL_RETRY_DELAY_S * 2 ** attempt, MAX_RETRY_DELAY_S);
 	const jitter = 1 - Math.random() * 0.25;
 	return sleepSeconds * jitter * 1000;
@@ -288,11 +290,11 @@ export class AnthropicMessagesClient implements AnthropicMessagesClientLike {
 		callerSignal?.addEventListener("abort", onAbort, { once: true });
 		try {
 			return await fetchFn(url, {
+				...(this.#options.fetchOptions ?? {}),
 				method: "POST",
 				headers,
 				body,
 				signal: controller.signal,
-				...(this.#options.fetchOptions ?? {}),
 			});
 		} catch (error) {
 			if (timedOut && !callerSignal?.aborted) throw new AnthropicConnectionTimeoutError();
@@ -308,7 +310,7 @@ export class AnthropicMessagesClient implements AnthropicMessagesClientLike {
 		responseHeaders: Headers | undefined,
 		signal: AbortSignal | undefined,
 	): Promise<void> {
-		const delayMs = retryDelayFromHeaders(responseHeaders) ?? defaultRetryDelayMs(attempt);
+		const delayMs = retryDelayFromHeaders(responseHeaders) ?? calculateAnthropicRetryDelayMs(attempt);
 		try {
 			await scheduler.wait(delayMs, { signal });
 		} catch {

package/src/providers/anthropic-messages-server-schema.ts

@@ -5,10 +5,10 @@
  * `.refine(...)` so the error mentions them explicitly.
  *
  * Used by `anthropic-messages.ts:parseRequest` to validate the inbound JSON
- * before walking it into @prometheus-ai/ai's canonical `Context`.
+ * before walking it into Prometheus AI's canonical `Context`.
  */
 
-import * as z from "zod/v4";
+import { z } from "zod/v4";
 import type {
 	ContentBlockParam,
 	ImageBlockParam,
@@ -19,10 +19,10 @@ import type {
 	ToolChoice,
 } from "./anthropic-wire";
 
-// `cache_control` is accepted and translated to @prometheus-ai/ai's per-request
+// `cache_control` is accepted and translated to Prometheus AI's per-request
 // `cacheRetention` (any `ttl: "1h"` marker upgrades the request to "long";
 // any other ephemeral marker maps to "short"). The walker doesn't try to
-// preserve per-block breakpoints — @prometheus-ai/ai's anthropic provider re-applies them
+// preserve per-block breakpoints — Prometheus AI's anthropic provider re-applies them
 // against the rebuilt outbound request anyway.
 export const cacheControlSchema = z
 	.object({
@@ -102,7 +102,17 @@ const toolResultBlockSchema = z.object({
 // natively understand (server_tool_use, web_search_tool_result, mcp_*,
 // container_upload, code_execution_*, document, …). The walker flattens these
 // to a text placeholder so legitimate Anthropic clients don't get rejected.
-const unknownContentBlockSchema = z.object({ type: z.string() }).loose();
+// Known `type` values are excluded so a malformed known block (e.g.
+// `{type:"text", text: 123}`) fails validation with a clean 400 instead of
+// slipping past the discriminated union and throwing a TypeError downstream.
+function unknownContentBlockSchema(knownTypes: readonly string[]) {
+	const known = new Set(knownTypes);
+	return z
+		.object({
+			type: z.string().refine(t => !known.has(t), { message: "malformed known content block" }),
+		})
+		.loose();
+}
 
 // ─── System ────────────────────────────────────────────────────────────────
 
@@ -118,7 +128,7 @@ export const systemSchema = z.union([z.string(), z.array(systemBlockSchema)]).op
 
 const userContentBlockSchema = z.union([
 	z.discriminatedUnion("type", [textBlockSchema, imageBlockSchema, toolResultBlockSchema]),
-	unknownContentBlockSchema,
+	unknownContentBlockSchema(["text", "image", "tool_result"]),
 ]);
 
 const assistantContentBlockSchema = z.union([
@@ -128,7 +138,7 @@ const assistantContentBlockSchema = z.union([
 		redactedThinkingBlockSchema,
 		toolUseBlockSchema,
 	]),
-	unknownContentBlockSchema,
+	unknownContentBlockSchema(["text", "thinking", "redacted_thinking", "tool_use"]),
 ]);
 
 export const userMessageSchema = z.object({