@simonyea/holysheep-cli 1.7.130 → 1.7.132

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@simonyea/holysheep-cli",
-  "version": "1.7.130",
+  "version": "1.7.132",
   "description": "Claude Code/Cursor/Cline API relay for China — ¥1=$1, WeChat/Alipay payment, no credit card, no VPN. One command setup for all AI coding tools.",
   "keywords": [
     "openai-china",

package/src/commands/claude.js

@@ -68,22 +68,19 @@ async function runClaude(args = []) {
     claudeCodeTool.writeSettings(settings)
   }
 
-  const { server, port, sessionId } = await startProcessProxy({})
-  const proxyUrl = getLocalProxyUrl(port)
   const runtime = typeof claudeCodeTool.detectClaudeRuntime === 'function'
     ? claudeCodeTool.detectClaudeRuntime()
     : { kind: 'unknown', launchMode: 'env-proxy' }
+  const { server, port, sessionId } = await startProcessProxy({})
+  const proxyUrl = getLocalProxyUrl(port)
   const launchMode = runtime.launchMode === 'node-inject'
     ? 'local-api + connect-fallback + node-inject'
-    : 'local-api + connect-fallback'
+    : 'whole-process-proxy + local-api'
 
   const env = {
     ...process.env,
     ANTHROPIC_API_KEY: undefined,
     ANTHROPIC_AUTH_TOKEN: apiKey,
-    // Route ALL Anthropic API traffic exclusively through ANTHROPIC_BASE_URL.
-    // HTTP(S)_PROXY must NOT be set: it causes Claude Code to open CONNECT
-    // tunnels to api.anthropic.com, bypassing CRS multi-account scheduling.
     ANTHROPIC_BASE_URL: proxyUrl,
     CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: '1',
     HOLYSHEEP_CLAUDE_PROCESS_PROXY: '1',
@@ -91,10 +88,12 @@ async function runClaude(args = []) {
     HS_PROXY_URL: proxyUrl,
     HOLYSHEEP_CLAUDE_RUNTIME_KIND: runtime.kind || 'unknown',
     HOLYSHEEP_CLAUDE_LAUNCH_MODE: launchMode,
-    HTTP_PROXY: undefined,
-    HTTPS_PROXY: undefined,
-    ALL_PROXY: undefined,
-    NO_PROXY: undefined,
+    HTTP_PROXY: proxyUrl,
+    HTTPS_PROXY: proxyUrl,
+    ALL_PROXY: proxyUrl,
+    NO_PROXY: mergeNoProxy(process.env.NO_PROXY, ['127.0.0.1', 'localhost']),
+    ANTHROPIC_MAX_RETRIES: '0',
+    MAX_RETRIES: '0',
   }
 
   // 不再写 settings.json — 只用 env 变量，避免 Claude Code 从两个来源

package/src/tools/claude-process-proxy.js

@@ -47,6 +47,39 @@ function getControlPlaneUrl(config) {
 
 const leaseCache = new Map()
 const MAX_PROXY_RETRIES = 3
+const SLOW_PATH_LOG_MS = Number(process.env.HS_CLAUDE_SLOW_PATH_LOG_MS) || 5000
+
+function sanitizeUrl(value) {
+  if (!value) return ''
+  try {
+    const url = new URL(String(value))
+    return `${url.protocol}//${url.host}${url.pathname}`
+  } catch {
+    return String(value)
+  }
+}
+
+function logProxyTiming(event, details = {}) {
+  const payload = Object.fromEntries(
+    Object.entries(details).filter(([, value]) => value !== undefined && value !== null && value !== '')
+  )
+  console.error(`[hs-claude-proxy] ${event} ${JSON.stringify(payload)}`)
+}
+
+function createForwardTrace({ clientReq, targetUrl, nodeProxyUrl, sessionId, lease, attempt, isDirect }) {
+  return {
+    requestId: crypto.randomUUID().slice(0, 8),
+    sessionId,
+    nodeId: lease?.nodeId || '',
+    attempt,
+    isDirect,
+    method: clientReq?.method || '',
+    target: sanitizeUrl(targetUrl),
+    nodeProxy: sanitizeUrl(nodeProxyUrl),
+    leaseOpenMs: lease?._hsLeaseOpenMs,
+    leaseAgeMs: lease?._hsLeaseOpenedAt ? Date.now() - lease._hsLeaseOpenedAt : undefined,
+  }
+}
 
 function createForwardError(statusCode, body) {
   const error = new Error(`HTTP ${statusCode}: ${String(body || '').slice(0, 200)}`)
@@ -55,6 +88,16 @@ function createForwardError(statusCode, body) {
   return error
 }
 
+function createClientValidationErrorBody(message) {
+  return JSON.stringify({
+    type: 'error',
+    error: {
+      type: 'client_validation_error',
+      message,
+    },
+  })
+}
+
 function shouldRefreshLeaseAfterError(err) {
   const statusCode = Number(err?.statusCode || 0)
   const body = String(err?.body || err?.message || '')
@@ -87,6 +130,8 @@ function isRetryableNodeLeaseError(err) {
     'HTTP 503',
     'HTTP 504',
     'client_validation_error',
+    'upstream response timeout',
+    'upstream stream stalled',
     '不可用'
   ].some((token) => message.includes(token))
 }
@@ -107,6 +152,7 @@ async function fetchFreshLease(config, sessionId, options = {}) {
   const controlPlaneUrl = getControlPlaneUrl(config)
   if (!controlPlaneUrl) throw new Error('Claude relay control plane is not configured')
 
+  const startedAt = Date.now()
   const response = await fetch(`${controlPlaneUrl}/session/open`, {
     method: 'POST',
     headers: { 'content-type': 'application/json' },
@@ -124,6 +170,17 @@ async function fetchFreshLease(config, sessionId, options = {}) {
   if (!response.ok || !payload?.success || !payload?.data?.ticket) {
     throw new Error(payload?.error?.message || `Failed to open Claude session (HTTP ${response.status})`)
   }
+  const openedAt = Date.now()
+  payload.data._hsLeaseOpenMs = openedAt - startedAt
+  payload.data._hsLeaseOpenedAt = openedAt
+  if (payload.data._hsLeaseOpenMs >= SLOW_PATH_LOG_MS) {
+    logProxyTiming('lease.open', {
+      sessionId,
+      nodeId: payload.data.nodeId || '',
+      leaseOpenMs: payload.data._hsLeaseOpenMs,
+      forceReassign: options.forceReassign === true,
+    })
+  }
   leaseCache.set(sessionId, payload.data)
   return payload.data
 }
@@ -158,14 +215,110 @@ function deriveNodeProxyUrl(lease) {
   return upstream.toString().replace(/\/+$/, '')
 }
 
-function forwardViaNodeProxy({ nodeProxyUrl, targetUrl, clientReq, clientRes, extraHeaders = {} }) {
+function forwardViaNodeProxy({ nodeProxyUrl, targetUrl, clientReq, clientRes, extraHeaders = {}, trace = null }) {
   const upstream = new URL(nodeProxyUrl)
   return new Promise((resolve, reject) => {
-    const forwardReq = http.request({
+    const requestStartedAt = Date.now()
+    const resolvedTrace = trace || createForwardTrace({
+      clientReq,
+      targetUrl,
+      nodeProxyUrl,
+      sessionId: clientReq.headers['x-hs-session-id'] || '',
+      lease: null,
+      attempt: 0,
+      isDirect: !String(clientReq.url || '').startsWith('http'),
+    })
+    let settled = false
+    let responseTimer = null
+    let stallTimer = null
+    let sawUpstreamResponse = false
+    let sawUpstreamData = false
+    let forwardReq = null
+    let upstreamAssignedAt = null
+    let firstByteAt = null
+
+    const clearResponseTimer = () => {
+      if (responseTimer) {
+        clearTimeout(responseTimer)
+        responseTimer = null
+      }
+    }
+
+    const clearStallTimer = () => {
+      if (stallTimer) {
+        clearTimeout(stallTimer)
+        stallTimer = null
+      }
+    }
+
+    const clearTimers = () => {
+      clearResponseTimer()
+      clearStallTimer()
+    }
+
+    const finish = () => {
+      if (settled) return
+      settled = true
+      clearTimers()
+      const finishedAt = Date.now()
+      const totalMs = finishedAt - requestStartedAt
+      if (totalMs >= SLOW_PATH_LOG_MS) {
+        logProxyTiming('request.complete', {
+          ...resolvedTrace,
+          totalMs,
+          connectMs: upstreamAssignedAt ? upstreamAssignedAt - requestStartedAt : undefined,
+          firstByteMs: firstByteAt ? firstByteAt - requestStartedAt : undefined,
+          streamMs: firstByteAt ? finishedAt - firstByteAt : undefined,
+          bytesStarted: sawUpstreamData,
+        })
+      }
+      resolve()
+    }
+
+    const failWithAnthropicError = (message) => {
+      if (settled) return
+      settled = true
+      clearTimers()
+      const failedAt = Date.now()
+      logProxyTiming('request.fail', {
+        ...resolvedTrace,
+        totalMs: failedAt - requestStartedAt,
+        connectMs: upstreamAssignedAt ? upstreamAssignedAt - requestStartedAt : undefined,
+        firstByteMs: firstByteAt ? firstByteAt - requestStartedAt : undefined,
+        bytesStarted: sawUpstreamData,
+        error: message,
+      })
+      if (forwardReq && !forwardReq.destroyed) {
+        forwardReq.destroy()
+      }
+      const error = createForwardError(400, createClientValidationErrorBody(message))
+      error.message = message
+      reject(error)
+    }
+
+    const fail = (error) => {
+      const err = error instanceof Error ? error : new Error(String(error || 'Proxy error'))
+      return failWithAnthropicError(err.message || 'Proxy error')
+    }
+
+    const armResponseTimer = () => {
+      if (settled || sawUpstreamResponse || responseTimer) return
+      responseTimer = setTimeout(() => failWithAnthropicError('upstream response timeout'), RESPONSE_TIMEOUT_MS)
+    }
+
+    const armStallTimer = () => {
+      if (settled) return
+      sawUpstreamData = true
+      clearStallTimer()
+      stallTimer = setTimeout(() => failWithAnthropicError('upstream stream stalled'), STALL_TIMEOUT_MS)
+    }
+
+    forwardReq = http.request({
       host: upstream.hostname,
       port: Number(upstream.port || 80),
       method: clientReq.method,
       path: targetUrl.toString(),
+      agent: false,
       headers: {
         ...clientReq.headers,
         ...extraHeaders,
@@ -173,22 +326,68 @@ function forwardViaNodeProxy({ nodeProxyUrl, targetUrl, clientReq, clientRes, ex
         connection: 'close',
       },
     }, (forwardRes) => {
+      sawUpstreamResponse = true
+      clearResponseTimer()
+
       const status = forwardRes.statusCode || 502
       if (status === 403 || status === 502 || status === 503) {
-        // 收集响应体用于错误消息，不透传给客户端
         const chunks = []
         forwardRes.on('data', (c) => chunks.push(c))
         forwardRes.on('end', () => {
+          if (settled) return
+          settled = true
+          clearTimers()
           const body = Buffer.concat(chunks).toString('utf8')
-          reject(createForwardError(status, body))
+          const error = createForwardError(status, body)
+          logProxyTiming('request.upstream_error', {
+            ...resolvedTrace,
+            status,
+            totalMs: Date.now() - requestStartedAt,
+            body: String(body || '').slice(0, 200),
+          })
+          reject(error)
         })
+        forwardRes.on('error', fail)
         return
       }
+
+      upstreamAssignedAt = upstreamAssignedAt || Date.now()
       clientRes.writeHead(status, forwardRes.headers)
+      forwardRes.on('data', () => {
+        if (!firstByteAt) {
+          firstByteAt = Date.now()
+          logProxyTiming('request.first_byte', {
+            ...resolvedTrace,
+            firstByteMs: firstByteAt - requestStartedAt,
+          })
+        }
+        armStallTimer()
+      })
+      forwardRes.once('end', () => {
+        clearStallTimer()
+        finish()
+      })
+      forwardRes.once('close', () => {
+        clearStallTimer()
+        finish()
+      })
+      forwardRes.once('error', fail)
       forwardRes.pipe(clientRes)
-      resolve()
     })
-    forwardReq.once('error', reject)
+
+    forwardReq.on('socket', (socket) => {
+      upstreamAssignedAt = upstreamAssignedAt || Date.now()
+      socket.once('connect', () => {
+        upstreamAssignedAt = upstreamAssignedAt || Date.now()
+      })
+    })
+    forwardReq.setTimeout(RESPONSE_TIMEOUT_MS, () => {
+      if (!sawUpstreamResponse) failWithAnthropicError('upstream response timeout')
+    })
+    forwardReq.once('error', fail)
+    clientReq.once('aborted', () => finish())
+
+    armResponseTimer()
     clientReq.pipe(forwardReq)
   })
 }
@@ -202,6 +401,7 @@ function createConnectTunnel(proxyUrl, target, headers) {
       method: 'CONNECT',
       path: target,
       headers,
+      agent: false,
       timeout: 15000, // CONNECT 握手 15 秒超时
     })
 
@@ -221,11 +421,11 @@ function createConnectTunnel(proxyUrl, target, headers) {
   })
 }
 
-// 等上游返回 first byte 的最大时间。Claude 长上下文（>200K tokens）的 prefill 时间
-// 可以达到 30-90 秒，120 秒留了充足裕量。默认 120 秒，可通过环境变量
-// HS_CLAUDE_RESPONSE_TIMEOUT_MS 覆盖。旧值 300 秒导致异常时用户感知卡 5 分钟。
-const RESPONSE_TIMEOUT_MS = Number(process.env.HS_CLAUDE_RESPONSE_TIMEOUT_MS) || 120000
-// 上游 stream 已开始后，相邻两个 chunk 之间的最大间隔（覆盖 extended thinking 间歇）。
+// 等上游返回 first byte 的最大时间。
+// 这里不能默认等 5 分钟，否则上游/代理链路卡死时，用户会感觉每次下一条请求都被“挂住”。
+// 默认快速失败为 30 秒，仍可通过环境变量覆盖。
+const RESPONSE_TIMEOUT_MS = Number(process.env.HS_CLAUDE_RESPONSE_TIMEOUT_MS) || 30000
+// 上游 stream 已开始后，相邻两个 chunk 之间的最大间隔。
 const STALL_TIMEOUT_MS = Number(process.env.HS_CLAUDE_STALL_TIMEOUT_MS) || 120000
 
 function pipeWithCleanup(a, b) {
@@ -233,49 +433,61 @@ function pipeWithCleanup(a, b) {
     if (typeof sock.setKeepAlive === 'function') sock.setKeepAlive(true, 10000)
   }
 
-  // 双阶段超时：
-  // 1. 客户端发了数据，上游 RESPONSE_TIMEOUT_MS 没回第一个字节 → 断开（node proxy 挂了）
-  // 2. 上游在流数据突然停了 STALL_TIMEOUT_MS → 断开（stream 中断）
   let timer = null
+  let closed = false
   let streaming = false
-  const kill = (reason) => {
-    if (timer) clearTimeout(timer)
-    a.destroy(new Error(reason))
-    b.destroy(new Error(reason))
-  }
-  a.on('data', () => {
-    // 客户端发了数据（请求），等上游响应
-    if (!streaming) {
-      if (timer) clearTimeout(timer)
-      timer = setTimeout(() => kill('upstream response timeout'), RESPONSE_TIMEOUT_MS)
+
+  const clearTimer = () => {
+    if (timer) {
+      clearTimeout(timer)
+      timer = null
     }
-  })
-  b.on('data', () => {
-    // 上游回数据了，切换到 stream 模式
+  }
+
+  const destroySocket = (sock, err) => {
+    if (!sock || sock.destroyed) return
+    if (err) sock.destroy(err)
+    else sock.destroy()
+  }
+
+  const close = (reason) => {
+    if (closed) return
+    closed = true
+    clearTimer()
+    const err = reason ? new Error(reason) : null
+    destroySocket(a, err)
+    destroySocket(b, err)
+  }
+
+  const armResponseTimer = () => {
+    if (streaming || closed || timer) return
+    timer = setTimeout(() => close('upstream response timeout'), RESPONSE_TIMEOUT_MS)
+  }
+
+  const armStallTimer = () => {
+    if (closed) return
     streaming = true
-    // 每次收到数据重置 stall 超时
-    if (timer) clearTimeout(timer)
-    timer = setTimeout(() => kill('upstream stream stalled'), STALL_TIMEOUT_MS)
-  })
+    clearTimer()
+    timer = setTimeout(() => close('upstream stream stalled'), STALL_TIMEOUT_MS)
+  }
+
+  b.on('data', armStallTimer)
 
+  armResponseTimer()
   a.pipe(b)
   b.pipe(a)
-  const close = () => {
-    if (timer) clearTimeout(timer)
-    a.destroy()
-    b.destroy()
-  }
-  a.once('error', close)
-  b.once('error', close)
-  a.once('close', close)
-  b.once('close', close)
+
+  a.once('error', () => close())
+  b.once('error', () => close())
+  a.once('close', () => close())
+  b.once('close', () => close())
 }
 
-function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH }) {
+function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH, allowAnthropicConnect = false }) {
   const server = http.createServer(async (clientReq, clientRes) => {
     const isDirect = !clientReq.url.startsWith('http')
 
-    const doForward = async (lease) => {
+    const doForward = async (lease, attempt) => {
       const config = readConfig(configPath)
       const nodeProxyUrl = deriveNodeProxyUrl(lease)
 
@@ -288,19 +500,38 @@ function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH }) {
           clientReq,
           clientRes,
           extraHeaders: buildAuthHeaders(config, lease),
+          trace: createForwardTrace({
+            clientReq,
+            targetUrl: target,
+            nodeProxyUrl,
+            sessionId,
+            lease,
+            attempt,
+            isDirect,
+          }),
         })
       }
 
+      const targetUrl = new URL(clientReq.url)
       const headers = {
         ...buildAuthHeaders(config, lease),
-        host: new URL(clientReq.url).host,
+        host: targetUrl.host,
       }
       return forwardViaNodeProxy({
         nodeProxyUrl,
-        targetUrl: new URL(clientReq.url),
+        targetUrl,
         clientReq,
         clientRes,
         extraHeaders: headers,
+        trace: createForwardTrace({
+          clientReq,
+          targetUrl,
+          nodeProxyUrl,
+          sessionId,
+          lease,
+          attempt,
+          isDirect,
+        }),
       })
     }
 
@@ -308,7 +539,7 @@ function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH }) {
     for (let attempt = 0; attempt <= MAX_PROXY_RETRIES; attempt++) {
       try {
         if (attempt === 0) {
-          await doForward(getCachedLease(sessionId))
+          await doForward(getCachedLease(sessionId), attempt)
         } else {
           const config = readConfig(configPath)
           leaseCache.delete(sessionId)
@@ -318,12 +549,19 @@ function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH }) {
           const freshLease = await fetchFreshLease(config, sessionId, {
             forceReassign: shouldRefreshLeaseAfterError(lastError),
           })
-          await doForward(freshLease)
+          await doForward(freshLease, attempt)
         }
         lastError = null
         break
       } catch (err) {
         lastError = err
+        logProxyTiming('request.retry', {
+          sessionId,
+          attempt,
+          error: String(err?.message || err),
+          retryable: isRetryableNodeLeaseError(err),
+          forceReassign: shouldRefreshLeaseAfterError(err),
+        })
         if (clientRes.headersSent) return
         if (!isRetryableNodeLeaseError(err) && attempt > 0) break
       }
@@ -341,7 +579,7 @@ function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH }) {
 
   // Hosts that must NOT be tunneled directly — they must go through CRS via
   // the HTTP path (ANTHROPIC_BASE_URL), not a CONNECT tunnel that bypasses it.
-  const BLOCKED_CONNECT = new Set(['api.anthropic.com'])
+  const BLOCKED_CONNECT = allowAnthropicConnect ? new Set() : new Set(['api.anthropic.com'])
 
   server.on('connect', async (req, clientSocket, head) => {
     const target = String(req.url || '').trim()
@@ -408,7 +646,7 @@ function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH }) {
   return server
 }
 
-async function startProcessProxy({ port = null, sessionId = null, configPath = CONFIG_PATH } = {}) {
+async function startProcessProxy({ port = null, sessionId = null, configPath = CONFIG_PATH, allowAnthropicConnect = false } = {}) {
   const config = readConfig(configPath)
   const preferredPort = port || getProcessProxyPort(config)
   const effectiveSessionId = sessionId || crypto.randomUUID()
@@ -416,7 +654,7 @@ async function startProcessProxy({ port = null, sessionId = null, configPath = C
   // 启动时拿一次 lease，之后靠被动重试维持，不再主动续约
   await fetchFreshLease(config, effectiveSessionId)
 
-  const server = createProcessProxyServer({ sessionId: effectiveSessionId, configPath })
+  const server = createProcessProxyServer({ sessionId: effectiveSessionId, configPath, allowAnthropicConnect })
 
   return new Promise((resolve, reject) => {
     const tryListen = (p) => {