@simonyea/holysheep-cli 1.7.49 → 1.7.51

package/README.md

@@ -225,6 +225,7 @@ A: OpenClaw 需要 Node.js 20+，运行 `node --version` 确认版本后重试
 
 ## Changelog
 
+- **v1.7.51** — 修复 `hs claude` 在 Claude Code 独立二进制版本上的整进程代理：自动识别脚本入口 / 独立二进制并切换到 `NODE_OPTIONS` 注入或 `HTTP(S)_PROXY` 模式；同时增强 `hs doctor` 的 Claude 代理诊断
 - **v1.6.14** — OpenClaw 新增 `gpt-5.3-codex-spark` 模型，通过本地 bridge 路由到 HolySheep `/v1`
 - **v1.6.13** — Codex 配置改为直接写 `api_key` 到 config.toml，不再依赖环境变量，修复 Windows 上 setup 后无需重启终端即可使用；同时精简工具列表，只保留 Claude Code / Codex / Droid / OpenClaw
 - **v1.6.12** — 修复 OpenClaw Bridge 对 GPT-5.4 的流式响应转换，避免 `holysheep/gpt-5.4` 在 OpenClaw 中报错；同时增强 Dashboard URL 解析，减少安装后浏览器打开黑屏/空白页

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@simonyea/holysheep-cli",
-  "version": "1.7.49",
+  "version": "1.7.51",
   "description": "Claude Code/Cursor/Cline API relay for China \u2014 \u00a51=$1, WeChat/Alipay payment, no credit card, no VPN. One command setup for all AI coding tools.",
   "keywords": [
     "openai-china",

package/src/commands/claude.js

@@ -18,6 +18,24 @@ const claudeCodeTool = require('../tools/claude-code')
 
 const INJECT_PATH = path.resolve(__dirname, '../tools/process-proxy-inject.js')
 
+function appendNodeRequire(existingValue, requirePath) {
+  const nextFlag = `--require ${requirePath}`
+  if (!existingValue) return nextFlag
+  return existingValue.includes(nextFlag) ? existingValue : `${existingValue} ${nextFlag}`.trim()
+}
+
+function mergeNoProxy(existingValue, extraHosts = []) {
+  const merged = new Set()
+  for (const chunk of String(existingValue || '').split(',')) {
+    const value = chunk.trim()
+    if (value) merged.add(value)
+  }
+  for (const host of extraHosts) {
+    if (host) merged.add(host)
+  }
+  return Array.from(merged).join(',')
+}
+
 function ensureClaudeProxyConfig(apiKey) {
   const config = readConfig()
   const next = claudeCodeTool.buildBridgeConfig(apiKey, BASE_URL_ANTHROPIC, {
@@ -44,6 +62,9 @@ async function runClaude(args = []) {
 
   const { server, port, sessionId } = await startProcessProxy({})
   const proxyUrl = getLocalProxyUrl(port)
+  const runtime = typeof claudeCodeTool.detectClaudeRuntime === 'function'
+    ? claudeCodeTool.detectClaudeRuntime()
+    : { kind: 'unknown', launchMode: 'env-proxy' }
 
   const env = {
     ...process.env,
@@ -53,12 +74,18 @@ async function runClaude(args = []) {
     CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: '1',
     HOLYSHEEP_CLAUDE_PROCESS_PROXY: '1',
     HOLYSHEEP_CLAUDE_SESSION_ID: sessionId,
-    NODE_OPTIONS: `--require ${INJECT_PATH}`,
     HS_PROXY_URL: proxyUrl,
-    HTTP_PROXY: undefined,
-    HTTPS_PROXY: undefined,
-    ALL_PROXY: undefined,
-    NO_PROXY: undefined,
+    HOLYSHEEP_CLAUDE_RUNTIME_KIND: runtime.kind || 'unknown',
+    HOLYSHEEP_CLAUDE_LAUNCH_MODE: runtime.launchMode || 'env-proxy',
+  }
+
+  if (runtime.launchMode === 'node-inject') {
+    env.NODE_OPTIONS = appendNodeRequire(process.env.NODE_OPTIONS, INJECT_PATH)
+  } else {
+    env.HTTP_PROXY = proxyUrl
+    env.HTTPS_PROXY = proxyUrl
+    env.ALL_PROXY = proxyUrl
+    env.NO_PROXY = mergeNoProxy(process.env.NO_PROXY, ['127.0.0.1', 'localhost'])
   }
 
   const child = spawn('claude', args, {

package/src/commands/doctor.js

@@ -202,6 +202,9 @@ function printOpenClawDetails(tool, installState, nodeMajor) {
 
 function printClaudeProcessProxyDetails(tool) {
   const proxyConfig = typeof tool.getProcessProxyConfig === 'function' ? tool.getProcessProxyConfig() : {}
+  const runtime = typeof tool.detectClaudeRuntime === 'function'
+    ? tool.detectClaudeRuntime()
+    : { display: '未知', kind: 'unknown', launchMode: 'unknown', path: null }
   const relayUrl = proxyConfig.controlPlaneUrl || proxyConfig.relayUrl || BASE_URL_CLAUDE_RELAY
   const mode = proxyConfig.proxyMode || 'unknown'
   const hasBridgeSecret = Boolean(proxyConfig.bridgeSecret)
@@ -209,10 +212,19 @@ function printClaudeProcessProxyDetails(tool) {
   const hasProcessPort = Boolean(proxyConfig.processProxyPort)
   console.log(`    ${chalk.gray('↳')} ${chalk.gray(`Claude 启动方式：hs claude`)}`)
   console.log(`    ${chalk.gray('↳')} ${chalk.gray(`Claude 代理模式：${mode}`)}`)
+  console.log(`    ${chalk.gray('↳')} ${chalk.gray(`Claude 可执行类型：${runtime.display}`)}`)
+  console.log(`    ${chalk.gray('↳')} ${chalk.gray(`Claude 启动代理路径：${runtime.launchMode}`)}`)
   console.log(`    ${chalk.gray('↳')} ${chalk.gray(`Claude Relay: ${relayUrl || '未配置'}`)}`)
   console.log(`    ${hasBridgeSecret ? chalk.green('↳') : chalk.yellow('↳')} ${hasBridgeSecret ? chalk.green('Bridge secret 已配置') : chalk.yellow('Bridge secret 缺失')}`)
   console.log(`    ${hasBridgeIds ? chalk.green('↳') : chalk.yellow('↳')} ${hasBridgeIds ? chalk.green('Bridge ID / Device ID 已配置') : chalk.yellow('Bridge ID / Device ID 缺失')}`)
   console.log(`    ${hasProcessPort ? chalk.green('↳') : chalk.yellow('↳')} ${hasProcessPort ? chalk.green(`Claude process proxy 端口：${proxyConfig.processProxyPort}`) : chalk.yellow('Claude process proxy 端口缺失')}`)
+  if (runtime.path) {
+    console.log(`    ${chalk.gray('↳')} ${chalk.gray(`Claude 路径：${runtime.path}`)}`)
+  }
+  const nodeMajor = parseInt(process.version.slice(1), 10)
+  if (nodeMajor > 22) {
+    console.log(`    ${chalk.yellow('↳')} ${chalk.yellow(`当前 hs 运行在 ${process.version}；Claude 代理更建议使用 Node 20/22 LTS`)}`)
+  }
 }
 
 function maskKey(key) {

package/src/tools/claude-code.js

@@ -12,6 +12,7 @@ const fs = require('fs')
 const path = require('path')
 const os = require('os')
 const crypto = require('crypto')
+const { execSync } = require('child_process')
 const {
   BASE_URL_ANTHROPIC,
   BASE_URL_CLAUDE_RELAY,
@@ -55,6 +56,83 @@ function writeSettings(data) {
   fs.writeFileSync(SETTINGS_FILE, JSON.stringify(data, null, 2), 'utf8')
 }
 
+function resolveCommandPath(cmd) {
+  try {
+    if (process.platform === 'win32') {
+      const out = execSync(`where ${cmd}`, { stdio: 'pipe' }).toString().trim()
+      const first = out.split(/\r?\n/).find(Boolean)
+      return first ? fs.realpathSync(first) : null
+    }
+
+    const out = execSync(`which ${cmd}`, { stdio: 'pipe' }).toString().trim()
+    const first = out.split(/\r?\n/).find(Boolean)
+    return first ? fs.realpathSync(first) : null
+  } catch {
+    return null
+  }
+}
+
+function detectBinaryFormat(buffer) {
+  if (!buffer || buffer.length < 4) return null
+  if (buffer[0] === 0x23 && buffer[1] === 0x21) return 'script'
+
+  const magic = buffer.slice(0, 4).toString('hex')
+  if (magic === '7f454c46') return 'elf'
+  if (magic === 'feedface' || magic === 'feedfacf' || magic === 'cefaedfe' || magic === 'cffaedfe') return 'mach-o'
+  if (buffer[0] === 0x4d && buffer[1] === 0x5a) return 'pe'
+
+  return null
+}
+
+function detectClaudeRuntime() {
+  const executablePath = resolveCommandPath('claude')
+  if (!executablePath) {
+    return {
+      available: false,
+      path: null,
+      kind: 'missing',
+      launchMode: 'unknown',
+      display: '未找到 claude',
+    }
+  }
+
+  try {
+    const fd = fs.openSync(executablePath, 'r')
+    const buffer = Buffer.alloc(16)
+    fs.readSync(fd, buffer, 0, buffer.length, 0)
+    fs.closeSync(fd)
+
+    const format = detectBinaryFormat(buffer)
+    if (format === 'script') {
+      return {
+        available: true,
+        path: executablePath,
+        kind: 'script',
+        launchMode: 'node-inject',
+        display: '脚本入口（使用 NODE_OPTIONS 注入）',
+      }
+    }
+
+    if (format) {
+      return {
+        available: true,
+        path: executablePath,
+        kind: 'binary',
+        launchMode: 'env-proxy',
+        display: `独立二进制（${format}，使用 HTTP(S)_PROXY）`,
+      }
+    }
+  } catch {}
+
+  return {
+    available: true,
+    path: executablePath,
+    kind: 'unknown',
+    launchMode: 'env-proxy',
+    display: '未知入口类型（默认使用 HTTP(S)_PROXY）',
+  }
+}
+
 module.exports = {
   name: 'Claude Code',
   id: 'claude-code',
@@ -119,4 +197,5 @@ module.exports = {
     return readConfig()
   },
   buildBridgeConfig,
+  detectClaudeRuntime,
 }

package/src/tools/process-proxy-inject.js

@@ -1,8 +1,13 @@
 'use strict'
 /**
  * 进程级代理注入 — 通过 NODE_OPTIONS=--require 加载
- * patch sock.emit 拦截 'connect' 事件，强制所有 TCP 连接走 CONNECT 隧道
- * 无论 TLSSocket 用何种方式注册监听器都无法绕过
+ *
+ * Node.js v22+ 中 tls.connect / undici 不走 net.createConnection，
+ * 直接调用 net.Socket.prototype.connect，因此同时 patch 两者。
+ *
+ * 原理：将所有非本地 TCP 连接重定向到本地 bridge（CONNECT 代理），
+ * bridge 再通过 relay-control 分配的 node 节点出口，使 CRS 看到
+ * 可信的节点 IP。
  */
 const net = require('net')
 const { URL } = require('url')
@@ -21,54 +26,90 @@ const PROXY_HOST = parsed.hostname
 const PROXY_PORT = Number(parsed.port) || 80
 const SKIP = new Set(['127.0.0.1', '::1', 'localhost', '0.0.0.0', PROXY_HOST])
 
-const _orig = net.createConnection
+function shouldProxy(host, port) {
+  return !!(port && host && !SKIP.has(host))
+}
+
+function setupTunnel(sock, host, port, origEmit) {
+  sock.write(`CONNECT ${host}:${port} HTTP/1.1\r\nHost: ${host}:${port}\r\n\r\n`)
+  let buf = Buffer.alloc(0)
+  sock.on('data', function onData(chunk) {
+    buf = Buffer.concat([buf, chunk])
+    const i = buf.indexOf('\r\n\r\n')
+    if (i === -1) return
+    sock.removeListener('data', onData)
+    if (!buf.slice(0, i).toString().includes(' 200 ')) {
+      sock.emit = origEmit
+      sock.destroy(new Error(`CONNECT ${host}:${port} failed: ${buf.slice(0, buf.indexOf('\r\n')).toString()}`))
+      return
+    }
+    const rest = buf.slice(i + 4)
+    if (rest.length) sock.unshift(rest)
+    sock.emit = origEmit
+    origEmit('connect')
+  })
+}
+
+function patchEmitAndConnect(sock, host, port, connectFn) {
+  let tunnelReady = false
+  const origEmit = sock.emit.bind(sock)
+
+  sock.emit = function(type) {
+    if (type === 'connect' && !tunnelReady) {
+      tunnelReady = true
+      setupTunnel(sock, host, port, origEmit)
+      return false
+    }
+    return origEmit.apply(null, arguments)
+  }
+
+  return connectFn()
+}
+
+// ── patch net.Socket.prototype.connect (Node.js v22+ TLS / undici) ───────────
+const _origSocketConnect = net.Socket.prototype.connect
+
+net.Socket.prototype.connect = function(options) {
+  const isObj = options !== null && typeof options === 'object'
+  const host = isObj ? String(options.host || options.hostname || '') : String(options || '')
+  const port = isObj ? Number(options.port || 0) : Number(arguments[1] || 0)
+
+  if (!shouldProxy(host, port)) return _origSocketConnect.apply(this, arguments)
+
+  const sock = this
+  const proxyOpts = isObj
+    ? { ...options, host: PROXY_HOST, port: PROXY_PORT }
+    : { host: PROXY_HOST, port: PROXY_PORT }
+
+  return patchEmitAndConnect(sock, host, port, () =>
+    _origSocketConnect.call(sock, proxyOpts)
+  )
+}
+
+// ── patch net.createConnection (兼容直接调用的旧代码) ─────────────────────────
+const _origCreate = net.createConnection
 
 function proxied(options, cb) {
   const isObj = options !== null && typeof options === 'object'
-  const host = isObj
-    ? String(options.host || options.hostname || 'localhost')
-    : String(options || 'localhost')
-  const port = isObj
-    ? Number(options.port || 0)
-    : Number(arguments[1] || 0)
+  const host = isObj ? String(options.host || options.hostname || 'localhost') : String(options || 'localhost')
+  const port = isObj ? Number(options.port || 0) : Number(arguments[1] || 0)
 
-  if (!port || SKIP.has(host)) return _orig.apply(this, arguments)
+  if (!shouldProxy(host, port)) return _origCreate.apply(this, arguments)
+
+  const sock = _origCreate({ host: PROXY_HOST, port: PROXY_PORT })
+  if (typeof cb === 'function') sock.once('connect', cb)
 
-  const sock = _orig({ host: PROXY_HOST, port: PROXY_PORT })
   let tunnelReady = false
   const origEmit = sock.emit.bind(sock)
-
-  // patch emit 而不是 on/once：无论监听器怎么注册都能拦截
   sock.emit = function(type) {
     if (type === 'connect' && !tunnelReady) {
-      // proxy TCP 已建立，发起 CONNECT 隧道
-      sock.write(`CONNECT ${host}:${port} HTTP/1.1\r\nHost: ${host}:${port}\r\n\r\n`)
-      let buf = Buffer.alloc(0)
-      sock.on('data', function onData(chunk) {
-        buf = Buffer.concat([buf, chunk])
-        const i = buf.indexOf('\r\n\r\n')
-        if (i === -1) return
-        sock.removeListener('data', onData)
-        const header = buf.slice(0, i).toString()
-        if (!header.includes(' 200 ')) {
-          sock.emit = origEmit
-          sock.destroy(new Error(`CONNECT ${host}:${port} failed: ${header.split('\r\n')[0]}`))
-          return
-        }
-        const rest = buf.slice(i + 4)
-        if (rest.length) sock.unshift(rest)
-        // 隧道就绪：恢复 emit，触发所有注册的 connect 监听器（含 TLSSocket）
-        tunnelReady = true
-        sock.emit = origEmit
-        origEmit('connect')
-      })
+      tunnelReady = true
+      setupTunnel(sock, host, port, origEmit)
       return false
     }
-    // eslint-disable-next-line prefer-rest-params
     return origEmit.apply(null, arguments)
   }
 
-  if (typeof cb === 'function') sock.once('connect', cb)
   return sock
 }