@simonyea/holysheep-cli 1.7.78 → 1.7.80

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@simonyea/holysheep-cli",
-  "version": "1.7.78",
+  "version": "1.7.80",
   "description": "Claude Code/Cursor/Cline API relay for China — ¥1=$1, WeChat/Alipay payment, no credit card, no VPN. One command setup for all AI coding tools.",
   "keywords": [
     "openai-china",

package/src/commands/claude.js

@@ -81,8 +81,9 @@ async function runClaude(args = []) {
     ...process.env,
     ANTHROPIC_API_KEY: undefined,
     ANTHROPIC_AUTH_TOKEN: apiKey,
-    // Force Anthropic API traffic through the local process proxy instead of
-    // relying on the Claude binary to honor HTTP(S)_PROXY on every code path.
+    // Route ALL Anthropic API traffic exclusively through ANTHROPIC_BASE_URL.
+    // HTTP(S)_PROXY must NOT be set: it causes Claude Code to open CONNECT
+    // tunnels to api.anthropic.com, bypassing CRS multi-account scheduling.
     ANTHROPIC_BASE_URL: proxyUrl,
     CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: '1',
     HOLYSHEEP_CLAUDE_PROCESS_PROXY: '1',
@@ -90,10 +91,10 @@ async function runClaude(args = []) {
     HS_PROXY_URL: proxyUrl,
     HOLYSHEEP_CLAUDE_RUNTIME_KIND: runtime.kind || 'unknown',
     HOLYSHEEP_CLAUDE_LAUNCH_MODE: launchMode,
-    HTTP_PROXY: proxyUrl,
-    HTTPS_PROXY: proxyUrl,
-    ALL_PROXY: proxyUrl,
-    NO_PROXY: mergeNoProxy(process.env.NO_PROXY, ['127.0.0.1', 'localhost']),
+    HTTP_PROXY: undefined,
+    HTTPS_PROXY: undefined,
+    ALL_PROXY: undefined,
+    NO_PROXY: undefined,
   }
 
   // 不再写 settings.json — 只用 env 变量，避免 Claude Code 从两个来源

package/src/tools/claude-process-proxy.js

@@ -233,6 +233,10 @@ function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH }) {
     }
   })
 
+  // Hosts that must NOT be tunneled directly — they must go through CRS via
+  // the HTTP path (ANTHROPIC_BASE_URL), not a CONNECT tunnel that bypasses it.
+  const BLOCKED_CONNECT = new Set(['api.anthropic.com'])
+
   server.on('connect', async (req, clientSocket, head) => {
     const target = String(req.url || '').trim()
     const [host, rawPort] = target.split(':')
@@ -242,6 +246,13 @@ function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH }) {
       return clientSocket.destroy()
     }
 
+    if (BLOCKED_CONNECT.has(host)) {
+      // Block direct CONNECT tunnels to Anthropic — traffic must go through
+      // ANTHROPIC_BASE_URL so CRS can apply multi-account scheduling.
+      clientSocket.write('HTTP/1.1 403 Forbidden\r\ncontent-type: text/plain; charset=utf-8\r\n\r\nDirect tunnel to api.anthropic.com is blocked; use ANTHROPIC_BASE_URL path')
+      return clientSocket.destroy()
+    }
+
     const doConnect = async (lease) => {
       const upstreamSocket = await createConnectTunnel(
         deriveNodeProxyUrl(lease),

package/src/webui/server.js

@@ -55,8 +55,12 @@ async function validateApiKey(apiKey) {
   return res.status === 200
 }
 
-function getVersion(tool) {
-  if (typeof tool.getVersion === 'function') return tool.getVersion()
+const { exec } = require('child_process')
+
+function getVersionAsync(tool) {
+  if (typeof tool.getVersion === 'function') {
+    return Promise.resolve(tool.getVersion())
+  }
   const cmds = {
     'claude-code': 'claude --version',
     'codex': 'codex --version',
@@ -67,10 +71,13 @@ function getVersion(tool) {
     'aider': 'aider --version',
   }
   const cmd = cmds[tool.id]
-  if (!cmd) return null
-  try {
-    return execSync(cmd, { stdio: 'pipe', timeout: 10000 }).toString().trim().split('\n')[0].slice(0, 30)
-  } catch { return null }
+  if (!cmd) return Promise.resolve(null)
+  return new Promise(resolve => {
+    exec(cmd, { timeout: 5000 }, (err, stdout) => {
+      if (err) return resolve(null)
+      resolve(stdout.trim().split('\n')[0].slice(0, 30) || null)
+    })
+  })
 }
 
 function parseBody(req) {
@@ -141,17 +148,16 @@ let _latestVersion = null
 let _lastCheckTime = 0
 const UPDATE_CHECK_INTERVAL = 5 * 60 * 1000
 
-async function checkLatestVersion() {
+// Returns cached value immediately; fetches in background when cache is stale.
+function checkLatestVersion() {
   const now = Date.now()
-  if (_latestVersion && now - _lastCheckTime < UPDATE_CHECK_INTERVAL) return _latestVersion
-  try {
-    const r = await fetchWithRetry('https://registry.npmjs.org/@simonyea/holysheep-cli/latest', {}, 2)
-    if (r.ok) {
-      const data = await r.json()
-      _latestVersion = data.version || null
-      _lastCheckTime = now
-    }
-  } catch {}
+  if (now - _lastCheckTime >= UPDATE_CHECK_INTERVAL) {
+    _lastCheckTime = now // prevent concurrent fetches
+    fetchWithRetry('https://registry.npmjs.org/@simonyea/holysheep-cli/latest', {}, 2)
+      .then(r => r.ok ? r.json() : null)
+      .then(data => { if (data?.version) _latestVersion = data.version })
+      .catch(() => {})
+  }
   return _latestVersion
 }
 
@@ -160,10 +166,10 @@ checkLatestVersion()
 
 // ── API Handlers ─────────────────────────────────────────────────────────────
 
-async function handleStatus(_req, res) {
+function handleStatus(_req, res) {
   const apiKey = getApiKey()
   const config = loadConfig()
-  const latest = await checkLatestVersion()
+  const latest = checkLatestVersion()
   json(res, {
     loggedIn: !!apiKey,
     apiKey: apiKey ? maskKey(apiKey) : null,
@@ -280,21 +286,21 @@ async function handleDoctor(_req, res) {
 }
 
 async function handleTools(_req, res) {
-  const tools = TOOLS.map(t => {
+  const tools = await Promise.all(TOOLS.map(async t => {
     const installed = t.checkInstalled()
     return {
       id: t.id,
       name: t.name,
       installed,
       configured: installed ? (t.isConfigured?.() || false) : false,
-      version: installed ? getVersion(t) : null,
+      version: installed ? await getVersionAsync(t) : null,
       installCmd: t.installCmd,
       hint: t.hint || null,
       launchCmd: t.launchCmd || null,
       canAutoInstall: !!AUTO_INSTALL[t.id],
       canUpgrade: !!UPGRADABLE_TOOLS.find(u => u.id === t.id),
     }
-  })
+  }))
   json(res, tools)
 }