npm - @simonyea/holysheep-cli - Versions diffs - 2.1.21 → 2.1.23 - Mend

@simonyea/holysheep-cli 2.1.21 → 2.1.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json +1 -1
package/src/tools/claude-process-proxy.js +63 -4
package/src/webui/aionui-runtime-fetcher.js +3 -3
package/src/webui/aionui-wrapper.js +18 -6

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@simonyea/holysheep-cli",
-  "version": "2.1.21",
+  "version": "2.1.23",
   "description": "Claude Code/Cursor/Cline API relay for China \u2014 \u00a51=$1, WeChat/Alipay payment, no credit card, no VPN. One command setup for all AI coding tools.",
   "scripts": {
     "test": "node tests/droid.test.js && node tests/workspace-store.test.js && node tests/runtime-stale-upgrade.test.js && node tests/hermes.test.js && node tests/preflight.test.js",

package/src/tools/claude-process-proxy.js CHANGED Viewed

@@ -324,6 +324,26 @@ function forwardViaNodeProxy({ nodeProxyUrl, targetUrl, clientReq, clientRes, ex
       host: targetUrl.host,
       connection: 'close',
     }
+    // Build the forward-proxy path. CRS's per-node proxy at :3129 accepts an
+    // absolute URL as the HTTP/1.1 request target and rewrites the scheme
+    // internally. We ALWAYS send http:// in the path (even if targetUrl is
+    // https://) because:
+    //   1. node:3129 listens on plain HTTP and ignores the scheme of the
+    //      request-target — it reads `targetUrl = new URL(req.url)`,
+    //      validates hostname, and proxies upstream.
+    //   2. bun's `http.request` treats `path: 'https://...'` as a signal to
+    //      issue a CONNECT tunnel (instead of a plain absolute-URI forward
+    //      request), which silently drops the x-hs-* headers we injected
+    //      because they would only ride on the outer CONNECT, not the inner
+    //      TLS tunnel — yielding 403 'Missing bridge session headers'.
+    //      (Node's `http.request` does NOT have this behaviour; the bug is
+    //      bun-specific. Reproduced under bun 1.3.9 at AionUi's runtime.)
+    // Rewriting to http:// preserves correctness on both runtimes.
+    const forwardPath = (() => {
+      const clone = new URL(targetUrl.toString())
+      clone.protocol = 'http:'
+      return clone.toString()
+    })()
     if (ENABLE_TIMING_LOG) {
       const hsHeaders = Object.fromEntries(
         Object.entries(finalHeaders).filter(([k]) => /^x-hs-/i.test(k))
@@ -331,6 +351,7 @@ function forwardViaNodeProxy({ nodeProxyUrl, targetUrl, clientReq, clientRes, ex
       console.error(
         `[hs-claude-proxy] forward.headers ${JSON.stringify({
           target: sanitizeUrl(targetUrl),
+          forwardPath,
           node: sanitizeUrl(nodeProxyUrl),
           hsHeaders,
           clientHeadersKeys: Object.keys(clientReq.headers).slice(0, 20),
@@ -341,7 +362,7 @@ function forwardViaNodeProxy({ nodeProxyUrl, targetUrl, clientReq, clientRes, ex
       host: upstream.hostname,
       port: Number(upstream.port || 80),
       method: clientReq.method,
-      path: targetUrl.toString(),
+      path: forwardPath,
       agent: false,
       headers: finalHeaders,
     }, (forwardRes) => {
@@ -505,6 +526,17 @@ function pipeWithCleanup(a, b) {
 function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH, allowAnthropicConnect = false }) {
   const server = http.createServer(async (clientReq, clientRes) => {
     const isDirect = !clientReq.url.startsWith('http')
+    if (ENABLE_TIMING_LOG) {
+      console.error(
+        `[hs-claude-proxy] incoming ${JSON.stringify({
+          method: clientReq.method,
+          url: String(clientReq.url).slice(0, 120),
+          ua: String(clientReq.headers['user-agent'] || '').slice(0, 60),
+          host: clientReq.headers.host || '',
+          isDirect,
+        })}`
+      )
+    }
     const doForward = async (lease, attempt) => {
       const config = readConfig(configPath)
@@ -602,6 +634,15 @@ function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH, allowAn
   server.on('connect', async (req, clientSocket, head) => {
     const target = String(req.url || '').trim()
+    if (ENABLE_TIMING_LOG) {
+      console.error(
+        `[hs-claude-proxy] incoming.CONNECT ${JSON.stringify({
+          target: target.slice(0, 120),
+          ua: String(req.headers['user-agent'] || '').slice(0, 60),
+          headers: Object.keys(req.headers).slice(0, 20),
+        })}`
+      )
+    }
     const [host, rawPort] = target.split(':')
     const port = Number(rawPort || 443)
     if (!host || !Number.isInteger(port) || ![80, 443].includes(port)) {
@@ -698,14 +739,32 @@ async function closeSession(configPath, sessionId) {
   if (!sessionId) return
   const config = readConfig(configPath)
   const controlPlaneUrl = getControlPlaneUrl(config)
-  if (!controlPlaneUrl) return
+  if (!controlPlaneUrl) {
+    logProxyTiming('lease.close', { sessionId, skipped: 'no-control-plane' })
+    return
+  }
+  const startedAt = Date.now()
+  let status = 'unknown'
   try {
-    await fetch(`${controlPlaneUrl}/session/close`, {
+    const response = await fetch(`${controlPlaneUrl}/session/close`, {
       method: 'POST',
       headers: { 'content-type': 'application/json' },
       body: JSON.stringify({ sessionId }),
     })
-  } catch {}
+    status = response.ok ? 'ok' : `http_${response.status}`
+  } catch (err) {
+    status = `err_${err.name || 'unknown'}`
+  }
+  // Always log lease.close — unlike other events this isn't slow-path-gated
+  // because lease leaks silently accumulate on CRS, making it critical to
+  // observe every release attempt.
+  console.error(
+    `[hs-claude-proxy] lease.close ${JSON.stringify({
+      sessionId,
+      status,
+      durationMs: Date.now() - startedAt,
+    })}`
+  )
 }
 module.exports = {

package/src/webui/aionui-runtime-fetcher.js CHANGED Viewed

@@ -60,10 +60,10 @@ const VENDOR_DIR = path.join(__dirname, 'vendor', 'aionui')
 // new CLI release, the next `hs web` invocation on user machines will detect
 // the version drift and upgrade the cache in place.
 const DEFAULT_RUNTIME_URL =
-  'https://mail.holysheep.ai/app/cli/aionui-runtime-v1.9.18-holysheep-hs17.tar.gz'
+  'https://mail.holysheep.ai/app/cli/aionui-runtime-v1.9.18-holysheep-hs18.tar.gz'
 const DEFAULT_RUNTIME_SHA256 =
-  '28083f135503a27437750c8f692a2700c69f8253aaf19dff259af6d1517572f4'
-const DEFAULT_RUNTIME_VERSION = '1.9.18-holysheep-hs17'
+  '402739938fb30ddf09e31ed9fd64eb1453726cc062cc5d2ab8f3fbf19f7e6e66'
+const DEFAULT_RUNTIME_VERSION = '1.9.18-holysheep-hs18'
 function isValidRuntimeDir(dir) {
   if (!dir) return false

package/src/webui/aionui-wrapper.js CHANGED Viewed

@@ -609,21 +609,33 @@ async function startWrapper({ port, runtimeDir, runtimeVersion, runtimeSource, b
   // CLI package root containing package.json + src/.
   const cliRoot = path.resolve(__dirname, '..', '..')
   const wrapperVersion = require('../../package.json').version
+  // [HolySheep fork v2.1.23] Do NOT put HOLYSHEEP_API_KEY in env — any other
+  // process owned by the same user can read it via `ps ewww`. Instead, the
+  // fork side reads ~/.holysheep/config.json (already 0644 today; will be
+  // tightened to 0600 in the same release). Pass only the path hint.
+  const credPath = path.join(os.homedir(), '.holysheep', 'config.json')
+  try {
+    // Belt-and-suspenders: ensure the creds file is not world-readable.
+    if (fs.existsSync(credPath)) {
+      fs.chmodSync(credPath, 0o600)
+    }
+  } catch { /* best effort */ }
+  const sanitizedParentEnv = { ...process.env }
+  // If the parent process already had HOLYSHEEP_API_KEY in its env (e.g. the
+  // user exported it in their shell), DON'T propagate it — the fork reads
+  // the file instead. This closes the ps-leak vector for npm-global users.
+  delete sanitizedParentEnv.HOLYSHEEP_API_KEY
   const aionui = spawn(bunPath, ['dist-server/server.mjs'], {
     cwd: runtimeDir,
     env: {
-      ...process.env,
+      ...sanitizedParentEnv,
       PORT: String(internalPort),
       HOST: '127.0.0.1',
       ALLOW_REMOTE: '',
       NODE_ENV: 'production',
       HOLYSHEEP_CLI_ROOT: cliRoot,
       HOLYSHEEP_CLI_VERSION: wrapperVersion,
-      // Also forward the active HolySheep API key so the fork can surface it in
-      // Dashboard without going through /api/holysheep/status round-trip.
-      ...(process.env.HOLYSHEEP_API_KEY ? {} : (() => {
-        try { const k = require('../utils/config').getApiKey(); return k ? { HOLYSHEEP_API_KEY: k } : {} } catch { return {} }
-      })()),
+      HOLYSHEEP_CONFIG_PATH: credPath,
     },
     stdio: ['ignore', 'pipe', 'pipe'],
   })