@simonyea/holysheep-cli 1.7.45 → 1.7.47

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@simonyea/holysheep-cli",
-  "version": "1.7.45",
+  "version": "1.7.47",
   "description": "Claude Code/Cursor/Cline API relay for China \u2014 \u00a51=$1, WeChat/Alipay payment, no credit card, no VPN. One command setup for all AI coding tools.",
   "keywords": [
     "openai-china",

package/src/commands/claude.js

@@ -1,5 +1,6 @@
 'use strict'
 
+const path = require('path')
 const { spawn } = require('child_process')
 const {
   BASE_URL_ANTHROPIC,
@@ -15,6 +16,8 @@ const {
 } = require('../tools/claude-process-proxy')
 const claudeCodeTool = require('../tools/claude-code')
 
+const INJECT_PATH = path.resolve(__dirname, '../tools/process-proxy-inject.js')
+
 function ensureClaudeProxyConfig(apiKey) {
   const config = readConfig()
   const next = claudeCodeTool.buildBridgeConfig(apiKey, BASE_URL_ANTHROPIC, {
@@ -46,10 +49,13 @@ async function runClaude(args = []) {
     ...process.env,
     ANTHROPIC_API_KEY: undefined,
     ANTHROPIC_AUTH_TOKEN: apiKey,
-    ANTHROPIC_BASE_URL: `http://127.0.0.1:${port}`,
+    ANTHROPIC_BASE_URL: BASE_URL_ANTHROPIC,
     CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: '1',
     HOLYSHEEP_CLAUDE_PROCESS_PROXY: '1',
     HOLYSHEEP_CLAUDE_SESSION_ID: sessionId,
+    // 进程级代理注入：强制所有 TCP 连接走本地 bridge CONNECT 隧道
+    NODE_OPTIONS: `--require ${INJECT_PATH}`,
+    HS_PROXY_URL: proxyUrl,
     HTTP_PROXY: undefined,
     HTTPS_PROXY: undefined,
     ALL_PROXY: undefined,

package/src/tools/claude-process-proxy.js

@@ -152,37 +152,8 @@ function pipeWithCleanup(a, b) {
 
 function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH }) {
   const server = http.createServer(async (clientReq, clientRes) => {
-    const isDirect = !clientReq.url.startsWith('http')
-
     const doForward = async (lease) => {
       const config = readConfig(configPath)
-
-      if (isDirect) {
-        const crsBase = config.baseUrlAnthropic || 'https://api.holysheep.ai'
-        const target = new URL(clientReq.url, crsBase)
-        const fwdHeaders = { ...clientReq.headers, ...buildAuthHeaders(config, lease), 'x-hs-node-proxied': '1', host: target.host }
-        const transport = target.protocol === 'https:' ? https : http
-        return new Promise((resolve, reject) => {
-          const fwd = transport.request({
-            hostname: target.hostname,
-            port: Number(target.port || (target.protocol === 'https:' ? 443 : 80)),
-            method: clientReq.method,
-            path: target.pathname + target.search,
-            headers: fwdHeaders,
-          }, (res) => {
-            if (res.statusCode === 401 || res.statusCode === 403) {
-              res.resume()
-              return reject(new Error(`Auth error ${res.statusCode}`))
-            }
-            clientRes.writeHead(res.statusCode || 502, res.headers)
-            res.pipe(clientRes)
-            resolve()
-          })
-          fwd.once('error', reject)
-          clientReq.pipe(fwd)
-        })
-      }
-
       const nodeProxyUrl = deriveNodeProxyUrl(lease)
       const headers = {
         ...buildAuthHeaders(config, lease),

package/src/tools/process-proxy-inject.js

@@ -0,0 +1,75 @@
+'use strict'
+/**
+ * 进程级代理注入 — 通过 NODE_OPTIONS=--require 加载
+ * patch sock.emit 拦截 'connect' 事件，强制所有 TCP 连接走 CONNECT 隧道
+ * 无论 TLSSocket 用何种方式注册监听器都无法绕过
+ */
+const net = require('net')
+const { URL } = require('url')
+
+const raw = process.env.HS_PROXY_URL
+if (!raw) return
+
+let parsed
+try {
+  parsed = new URL(raw)
+} catch {
+  return
+}
+
+const PROXY_HOST = parsed.hostname
+const PROXY_PORT = Number(parsed.port) || 80
+const SKIP = new Set(['127.0.0.1', '::1', 'localhost', '0.0.0.0', PROXY_HOST])
+
+const _orig = net.createConnection
+
+function proxied(options, cb) {
+  const isObj = options !== null && typeof options === 'object'
+  const host = isObj
+    ? String(options.host || options.hostname || 'localhost')
+    : String(options || 'localhost')
+  const port = isObj
+    ? Number(options.port || 0)
+    : Number(arguments[1] || 0)
+
+  if (!port || SKIP.has(host)) return _orig.apply(this, arguments)
+
+  const sock = _orig({ host: PROXY_HOST, port: PROXY_PORT })
+  let tunnelReady = false
+  const origEmit = sock.emit.bind(sock)
+
+  // patch emit 而不是 on/once：无论监听器怎么注册都能拦截
+  sock.emit = function(type) {
+    if (type === 'connect' && !tunnelReady) {
+      // proxy TCP 已建立，发起 CONNECT 隧道
+      sock.write(`CONNECT ${host}:${port} HTTP/1.1\r\nHost: ${host}:${port}\r\n\r\n`)
+      let buf = Buffer.alloc(0)
+      sock.on('data', function onData(chunk) {
+        buf = Buffer.concat([buf, chunk])
+        const i = buf.indexOf('\r\n\r\n')
+        if (i === -1) return
+        sock.removeListener('data', onData)
+        const header = buf.slice(0, i).toString()
+        if (!header.includes(' 200 ')) {
+          sock.emit = origEmit
+          sock.destroy(new Error(`CONNECT ${host}:${port} failed: ${header.split('\r\n')[0]}`))
+          return
+        }
+        const rest = buf.slice(i + 4)
+        if (rest.length) sock.unshift(rest)
+        // 隧道就绪：恢复 emit，触发所有注册的 connect 监听器（含 TLSSocket）
+        tunnelReady = true
+        sock.emit = origEmit
+        origEmit('connect')
+      })
+      return false
+    }
+    // eslint-disable-next-line prefer-rest-params
+    return origEmit.apply(null, arguments)
+  }
+
+  if (typeof cb === 'function') sock.once('connect', cb)
+  return sock
+}
+
+net.createConnection = net.connect = proxied