@simonyea/holysheep-cli 1.7.130 → 1.7.131

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@simonyea/holysheep-cli",
-  "version": "1.7.130",
+  "version": "1.7.131",
   "description": "Claude Code/Cursor/Cline API relay for China — ¥1=$1, WeChat/Alipay payment, no credit card, no VPN. One command setup for all AI coding tools.",
   "keywords": [
     "openai-china",

package/src/commands/claude.js

@@ -68,22 +68,19 @@ async function runClaude(args = []) {
     claudeCodeTool.writeSettings(settings)
   }
 
-  const { server, port, sessionId } = await startProcessProxy({})
-  const proxyUrl = getLocalProxyUrl(port)
   const runtime = typeof claudeCodeTool.detectClaudeRuntime === 'function'
     ? claudeCodeTool.detectClaudeRuntime()
     : { kind: 'unknown', launchMode: 'env-proxy' }
+  const { server, port, sessionId } = await startProcessProxy({})
+  const proxyUrl = getLocalProxyUrl(port)
   const launchMode = runtime.launchMode === 'node-inject'
     ? 'local-api + connect-fallback + node-inject'
-    : 'local-api + connect-fallback'
+    : 'whole-process-proxy + local-api'
 
   const env = {
     ...process.env,
     ANTHROPIC_API_KEY: undefined,
     ANTHROPIC_AUTH_TOKEN: apiKey,
-    // Route ALL Anthropic API traffic exclusively through ANTHROPIC_BASE_URL.
-    // HTTP(S)_PROXY must NOT be set: it causes Claude Code to open CONNECT
-    // tunnels to api.anthropic.com, bypassing CRS multi-account scheduling.
     ANTHROPIC_BASE_URL: proxyUrl,
     CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: '1',
     HOLYSHEEP_CLAUDE_PROCESS_PROXY: '1',
@@ -91,10 +88,12 @@ async function runClaude(args = []) {
     HS_PROXY_URL: proxyUrl,
     HOLYSHEEP_CLAUDE_RUNTIME_KIND: runtime.kind || 'unknown',
     HOLYSHEEP_CLAUDE_LAUNCH_MODE: launchMode,
-    HTTP_PROXY: undefined,
-    HTTPS_PROXY: undefined,
-    ALL_PROXY: undefined,
-    NO_PROXY: undefined,
+    HTTP_PROXY: proxyUrl,
+    HTTPS_PROXY: proxyUrl,
+    ALL_PROXY: proxyUrl,
+    NO_PROXY: mergeNoProxy(process.env.NO_PROXY, ['127.0.0.1', 'localhost']),
+    ANTHROPIC_MAX_RETRIES: '0',
+    MAX_RETRIES: '0',
   }
 
   // 不再写 settings.json — 只用 env 变量，避免 Claude Code 从两个来源

package/src/tools/claude-process-proxy.js

@@ -161,11 +161,83 @@ function deriveNodeProxyUrl(lease) {
 function forwardViaNodeProxy({ nodeProxyUrl, targetUrl, clientReq, clientRes, extraHeaders = {} }) {
   const upstream = new URL(nodeProxyUrl)
   return new Promise((resolve, reject) => {
-    const forwardReq = http.request({
+    let settled = false
+    let responseTimer = null
+    let stallTimer = null
+    let sawUpstreamResponse = false
+    let sawUpstreamData = false
+    let forwardReq = null
+
+    const clearResponseTimer = () => {
+      if (responseTimer) {
+        clearTimeout(responseTimer)
+        responseTimer = null
+      }
+    }
+
+    const clearStallTimer = () => {
+      if (stallTimer) {
+        clearTimeout(stallTimer)
+        stallTimer = null
+      }
+    }
+
+    const clearTimers = () => {
+      clearResponseTimer()
+      clearStallTimer()
+    }
+
+    const finish = () => {
+      if (settled) return
+      settled = true
+      clearTimers()
+      resolve()
+    }
+
+    const failWithAnthropicError = (message) => {
+      if (settled) return
+      settled = true
+      clearTimers()
+      if (forwardReq && !forwardReq.destroyed) {
+        forwardReq.destroy()
+      }
+      if (!clientRes.headersSent && !clientRes.destroyed) {
+        clientRes.writeHead(400, { 'content-type': 'application/json; charset=utf-8' })
+        clientRes.end(JSON.stringify({
+          type: 'error',
+          error: {
+            type: 'client_validation_error',
+            message,
+          },
+        }))
+        return resolve()
+      }
+      reject(new Error(message))
+    }
+
+    const fail = (error) => {
+      const err = error instanceof Error ? error : new Error(String(error || 'Proxy error'))
+      return failWithAnthropicError(err.message || 'Proxy error')
+    }
+
+    const armResponseTimer = () => {
+      if (settled || sawUpstreamResponse || responseTimer) return
+      responseTimer = setTimeout(() => failWithAnthropicError('upstream response timeout'), RESPONSE_TIMEOUT_MS)
+    }
+
+    const armStallTimer = () => {
+      if (settled) return
+      sawUpstreamData = true
+      clearStallTimer()
+      stallTimer = setTimeout(() => failWithAnthropicError('upstream stream stalled'), STALL_TIMEOUT_MS)
+    }
+
+    forwardReq = http.request({
       host: upstream.hostname,
       port: Number(upstream.port || 80),
       method: clientReq.method,
       path: targetUrl.toString(),
+      agent: false,
       headers: {
         ...clientReq.headers,
         ...extraHeaders,
@@ -173,22 +245,45 @@ function forwardViaNodeProxy({ nodeProxyUrl, targetUrl, clientReq, clientRes, ex
         connection: 'close',
       },
     }, (forwardRes) => {
+      sawUpstreamResponse = true
+      clearResponseTimer()
+
       const status = forwardRes.statusCode || 502
       if (status === 403 || status === 502 || status === 503) {
-        // 收集响应体用于错误消息，不透传给客户端
         const chunks = []
         forwardRes.on('data', (c) => chunks.push(c))
         forwardRes.on('end', () => {
+          if (settled) return
+          settled = true
+          clearTimers()
           const body = Buffer.concat(chunks).toString('utf8')
           reject(createForwardError(status, body))
         })
+        forwardRes.on('error', fail)
         return
       }
+
       clientRes.writeHead(status, forwardRes.headers)
+      forwardRes.on('data', armStallTimer)
+      forwardRes.once('end', () => {
+        clearStallTimer()
+        finish()
+      })
+      forwardRes.once('close', () => {
+        clearStallTimer()
+        finish()
+      })
+      forwardRes.once('error', fail)
       forwardRes.pipe(clientRes)
-      resolve()
     })
-    forwardReq.once('error', reject)
+
+    forwardReq.setTimeout(RESPONSE_TIMEOUT_MS, () => {
+      if (!sawUpstreamResponse) failWithAnthropicError('upstream response timeout')
+    })
+    forwardReq.once('error', fail)
+    clientReq.once('aborted', () => finish())
+
+    armResponseTimer()
     clientReq.pipe(forwardReq)
   })
 }
@@ -202,6 +297,7 @@ function createConnectTunnel(proxyUrl, target, headers) {
       method: 'CONNECT',
       path: target,
       headers,
+      agent: false,
       timeout: 15000, // CONNECT 握手 15 秒超时
     })
 
@@ -221,11 +317,11 @@ function createConnectTunnel(proxyUrl, target, headers) {
   })
 }
 
-// 等上游返回 first byte 的最大时间。Claude 长上下文（>200K tokens）的 prefill 时间
-// 可以达到 30-90 秒，120 秒留了充足裕量。默认 120 秒，可通过环境变量
-// HS_CLAUDE_RESPONSE_TIMEOUT_MS 覆盖。旧值 300 秒导致异常时用户感知卡 5 分钟。
-const RESPONSE_TIMEOUT_MS = Number(process.env.HS_CLAUDE_RESPONSE_TIMEOUT_MS) || 120000
-// 上游 stream 已开始后，相邻两个 chunk 之间的最大间隔（覆盖 extended thinking 间歇）。
+// 等上游返回 first byte 的最大时间。
+// 这里不能默认等 5 分钟，否则上游/代理链路卡死时，用户会感觉每次下一条请求都被“挂住”。
+// 默认快速失败为 15 秒，仍可通过环境变量覆盖。
+const RESPONSE_TIMEOUT_MS = Number(process.env.HS_CLAUDE_RESPONSE_TIMEOUT_MS) || 15000
+// 上游 stream 已开始后，相邻两个 chunk 之间的最大间隔。
 const STALL_TIMEOUT_MS = Number(process.env.HS_CLAUDE_STALL_TIMEOUT_MS) || 120000
 
 function pipeWithCleanup(a, b) {
@@ -233,45 +329,57 @@ function pipeWithCleanup(a, b) {
     if (typeof sock.setKeepAlive === 'function') sock.setKeepAlive(true, 10000)
   }
 
-  // 双阶段超时：
-  // 1. 客户端发了数据，上游 RESPONSE_TIMEOUT_MS 没回第一个字节 → 断开（node proxy 挂了）
-  // 2. 上游在流数据突然停了 STALL_TIMEOUT_MS → 断开（stream 中断）
   let timer = null
+  let closed = false
   let streaming = false
-  const kill = (reason) => {
-    if (timer) clearTimeout(timer)
-    a.destroy(new Error(reason))
-    b.destroy(new Error(reason))
-  }
-  a.on('data', () => {
-    // 客户端发了数据（请求），等上游响应
-    if (!streaming) {
-      if (timer) clearTimeout(timer)
-      timer = setTimeout(() => kill('upstream response timeout'), RESPONSE_TIMEOUT_MS)
+
+  const clearTimer = () => {
+    if (timer) {
+      clearTimeout(timer)
+      timer = null
     }
-  })
-  b.on('data', () => {
-    // 上游回数据了，切换到 stream 模式
+  }
+
+  const destroySocket = (sock, err) => {
+    if (!sock || sock.destroyed) return
+    if (err) sock.destroy(err)
+    else sock.destroy()
+  }
+
+  const close = (reason) => {
+    if (closed) return
+    closed = true
+    clearTimer()
+    const err = reason ? new Error(reason) : null
+    destroySocket(a, err)
+    destroySocket(b, err)
+  }
+
+  const armResponseTimer = () => {
+    if (streaming || closed || timer) return
+    timer = setTimeout(() => close('upstream response timeout'), RESPONSE_TIMEOUT_MS)
+  }
+
+  const armStallTimer = () => {
+    if (closed) return
     streaming = true
-    // 每次收到数据重置 stall 超时
-    if (timer) clearTimeout(timer)
-    timer = setTimeout(() => kill('upstream stream stalled'), STALL_TIMEOUT_MS)
-  })
+    clearTimer()
+    timer = setTimeout(() => close('upstream stream stalled'), STALL_TIMEOUT_MS)
+  }
+
+  b.on('data', armStallTimer)
 
+  armResponseTimer()
   a.pipe(b)
   b.pipe(a)
-  const close = () => {
-    if (timer) clearTimeout(timer)
-    a.destroy()
-    b.destroy()
-  }
-  a.once('error', close)
-  b.once('error', close)
-  a.once('close', close)
-  b.once('close', close)
+
+  a.once('error', () => close())
+  b.once('error', () => close())
+  a.once('close', () => close())
+  b.once('close', () => close())
 }
 
-function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH }) {
+function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH, allowAnthropicConnect = false }) {
   const server = http.createServer(async (clientReq, clientRes) => {
     const isDirect = !clientReq.url.startsWith('http')
 
@@ -341,7 +449,7 @@ function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH }) {
 
   // Hosts that must NOT be tunneled directly — they must go through CRS via
   // the HTTP path (ANTHROPIC_BASE_URL), not a CONNECT tunnel that bypasses it.
-  const BLOCKED_CONNECT = new Set(['api.anthropic.com'])
+  const BLOCKED_CONNECT = allowAnthropicConnect ? new Set() : new Set(['api.anthropic.com'])
 
   server.on('connect', async (req, clientSocket, head) => {
     const target = String(req.url || '').trim()
@@ -408,7 +516,7 @@ function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH }) {
   return server
 }
 
-async function startProcessProxy({ port = null, sessionId = null, configPath = CONFIG_PATH } = {}) {
+async function startProcessProxy({ port = null, sessionId = null, configPath = CONFIG_PATH, allowAnthropicConnect = false } = {}) {
   const config = readConfig(configPath)
   const preferredPort = port || getProcessProxyPort(config)
   const effectiveSessionId = sessionId || crypto.randomUUID()
@@ -416,7 +524,7 @@ async function startProcessProxy({ port = null, sessionId = null, configPath = C
   // 启动时拿一次 lease，之后靠被动重试维持，不再主动续约
   await fetchFreshLease(config, effectiveSessionId)
 
-  const server = createProcessProxyServer({ sessionId: effectiveSessionId, configPath })
+  const server = createProcessProxyServer({ sessionId: effectiveSessionId, configPath, allowAnthropicConnect })
 
   return new Promise((resolve, reject) => {
     const tryListen = (p) => {