npm - @simonyea/holysheep-cli - Versions diffs - 2.1.28 → 2.1.30 - Mend

@simonyea/holysheep-cli 2.1.28 → 2.1.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json +1 -1
package/src/tools/claude-process-proxy.js +28 -7
package/src/tools/hermes.js +15 -2
package/src/tools/pty-hermes-wrapper.py +62 -9
package/src/webui/aionui-runtime-fetcher.js +3 -3

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@simonyea/holysheep-cli",
-  "version": "2.1.28",
+  "version": "2.1.30",
   "description": "Claude Code/Cursor/Cline API relay for China \u2014 \u00a51=$1, WeChat/Alipay payment, no credit card, no VPN. One command setup for all AI coding tools.",
   "scripts": {
     "test": "node tests/droid.test.js && node tests/workspace-store.test.js && node tests/runtime-stale-upgrade.test.js && node tests/hermes.test.js && node tests/preflight.test.js",

package/src/tools/claude-process-proxy.js CHANGED Viewed

@@ -205,6 +205,26 @@ function buildAuthHeaders(config, lease) {
   }
 }
+// [HolySheep fork v2.1.29 / hs22] Rewrite User-Agent away from claude-cli/*.
+// CRS enforces a "Claude Code CLI must use hs claude" policy keyed on UA —
+// when it sees claude-cli/* or claude-code/*, it 403s even with valid bridge
+// headers, under the assumption the user bypassed the wrapper. Every forward
+// path (node-proxy + direct-https fallback) now normalises UA to
+// holysheep-cli so the wrapper identity is preserved end-to-end.
+function sanitizeClaudeClientHeaders(headers, config) {
+  const out = { ...(headers || {}) }
+  for (const k of Object.keys(out)) {
+    if (/^x-forwarded-|^x-real-ip$|^forwarded$|^via$/i.test(k)) {
+      delete out[k]
+      continue
+    }
+    if (/^user-agent$/i.test(k) && /claude-cli|claude-code/i.test(String(out[k] || ''))) {
+      out[k] = `holysheep-cli/${(config && config.cliVersion) || 'process-proxy'} (hs-claude-proxy)`
+    }
+  }
+  return out
+}
 function deriveNodeProxyUrl(lease) {
   if (process.env.HS_CLAUDE_NODE_PROXY_OVERRIDE) {
     return String(process.env.HS_CLAUDE_NODE_PROXY_OVERRIDE).replace(/\/+$/, '')
@@ -244,12 +264,7 @@ function forwardDirectHttps({ config, lease, clientReq, clientRes, trace }) {
     // (or a proxy earlier in the chain could tag the request) and leak the
     // loopback origin / real client IP to api.holysheep.ai. The upstream
     // doesn't need them — it authenticates off bridge headers + API key.
-    const sanitized = { ...clientReq.headers }
-    for (const k of Object.keys(sanitized)) {
-      if (/^x-forwarded-|^x-real-ip$|^forwarded$|^via$/i.test(k)) {
-        delete sanitized[k]
-      }
-    }
+    const sanitized = sanitizeClaudeClientHeaders(clientReq.headers, config)
     const headers = {
       ...sanitized,
       ...buildAuthHeaders(config, lease),
@@ -375,8 +390,14 @@ function forwardViaNodeProxy({ nodeProxyUrl, targetUrl, clientReq, clientRes, ex
       stallTimer = setTimeout(() => failWithAnthropicError('upstream stream stalled'), STALL_TIMEOUT_MS)
     }
+    // [HolySheep fork v2.1.29 / hs22] Same UA-rewrite logic as forwardDirectHttps.
+    // Even when we go through node4:3129, the forward-proxy delivers the UA
+    // verbatim to upstream CRS; keeping claude-cli/* gets us 403.
+    // `extraHeaders` already contains bridge auth via buildAuthHeaders.
+    // `config` may be undefined here because forwardViaNodeProxy doesn't take
+    // one; use a minimal stub — cliVersion is optional.
     const finalHeaders = {
-      ...clientReq.headers,
+      ...sanitizeClaudeClientHeaders(clientReq.headers, { cliVersion: undefined }),
       ...extraHeaders,
       host: targetUrl.host,
       connection: 'close',

package/src/tools/hermes.js CHANGED Viewed

@@ -305,12 +305,25 @@ module.exports = {
     return isConfiguredInToml(readConfig())
   },
   configure(apiKey, _baseUrlAnthropic, baseUrlOpenAI, primaryModel /*, _selectedModels */) {
-    const merged = mergeConfig(apiKey, baseUrlOpenAI, primaryModel)
+    // [HolySheep fork v2.1.29 / hs22] Hermes talks to its provider via the
+    // OpenAI-compatible Chat Completions API (`/v1/chat/completions`), which
+    // the HolySheep CRS relay does NOT support for `claude-*` model IDs at
+    // the moment (returns 503 "Service temporarily unavailable"). Only the
+    // anthropic native `/v1/messages` path accepts Claude. GPT-family models
+    // work on both paths.
+    //
+    // To give users a usable hermes out of the box we pick a safe default
+    // here: if the caller passes a `claude-*` model, silently downgrade to
+    // gpt-5.4 (HolySheep's default GPT model) for hermes only. The TOML
+    // keeps the real choice so `hermes --provider holysheep --model claude-*`
+    // still works if the user overrides it later (and CRS fixes the upstream).
+    const hermesPrimaryModel = /^claude-/i.test(primaryModel || '') ? 'gpt-5.4' : (primaryModel || 'gpt-5.4')
+    const merged = mergeConfig(apiKey, baseUrlOpenAI, hermesPrimaryModel)
     writeConfig(merged)
     // [HolySheep fork v2.1.28 / hs21] Also patch config.yaml so the actual
     // agent runtime uses the right base_url. See CONFIG_YAML comment.
     try {
-      patchConfigYaml(apiKey, baseUrlOpenAI, primaryModel)
+      patchConfigYaml(apiKey, baseUrlOpenAI, hermesPrimaryModel)
     } catch (e) {
       // Non-fatal: hermes can still run on config.toml alone if the user
       // manually edits config.yaml. Surface via stderr for diagnosability.

package/src/tools/pty-hermes-wrapper.py CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 """
-[HolySheep fork v2.1.25 / hs19] Hermes ACP PTY wrapper.
+[HolySheep fork v2.1.29 / hs22] Hermes ACP PTY wrapper.
 Why: bun 1.3.9's subprocess.spawn with stdio:['pipe','pipe','pipe']
 passes sockets to the child. Python's asyncio.connect_write_pipe()
@@ -13,9 +13,22 @@ captures Python tracebacks separately. Master side pumps bytes between
 our (bun-spawned) stdin/stdout and the PTY, so bun reads through kernel
 PTY buffer which hermes's asyncio transport drives correctly.
-Disable ECHO on slave so stdin bytes are not echoed back as stdout bytes
-(the old BSD `script -q /dev/null` wrapper had this bug).
-Disable ONLCR so '\\n' is not rewritten to '\\r\\n'.
+CRITICAL: disable ICANON (canonical/line-buffered mode) on the slave.
+Default macOS/Linux PTY slaves have ICANON on, which means:
+  1. Input is buffered line-by-line and each line is capped at MAX_CANON
+     (1024B on macOS, ~4096B on Linux). Longer lines get truncated.
+  2. Special chars (^C, ^D, ^Z, erase/kill) are interpreted instead of
+     passed through — breaks JSON containing random bytes.
+ACP session/prompt JSON can exceed 4KB easily (system prompt + skill
+list + assistant rules). Before hs22 we only disabled ECHO + ONLCR, so
+id=1 (initialize, ~150B) and id=2/3 (newSession, setSessionMode, <400B)
+went through, but id=4 (prompt, ~4-8KB) was truncated by MAX_CANON —
+hermes got invalid JSON, returned an SDK error with empty data, our
+AcpAgentManager 60s fallback masked it. User saw "hermes thinks forever".
+Also disable ICRNL and IXON so we don't have \\r<->\\n rewriting or
+flow-control pauses on large bursts.
 Usage: python3 pty-hermes-wrapper.py
 HERMES_BIN is auto-resolved from $PATH; override via $HOLYSHEEP_HERMES_BIN.
@@ -39,9 +52,30 @@ def main() -> None:
     hermes_bin = _resolve_hermes_bin()
     master_fd, slave_fd = pty.openpty()
     attrs = termios.tcgetattr(slave_fd)
-    attrs[3] &= ~termios.ECHO
-    attrs[1] &= ~termios.ONLCR
+    # attrs = [iflag, oflag, cflag, lflag, ispeed, ospeed, cc]
+    # lflag (attrs[3]): disable canonical-mode line buffering, ECHO*, signal chars
+    attrs[3] &= ~(termios.ICANON | termios.ECHO | termios.ECHOE | termios.ECHOK
+                  | termios.ECHONL | termios.ISIG)
+    # iflag (attrs[0]): disable \r<->\n translation, XON/XOFF flow control,
+    # and parity checking (we carry raw bytes only).
+    attrs[0] &= ~(termios.ICRNL | termios.INLCR | termios.IGNCR | termios.IXON
+                  | termios.IXOFF | termios.ISTRIP | termios.IGNBRK | termios.BRKINT
+                  | termios.INPCK | termios.PARMRK)
+    # oflag (attrs[1]): disable post-processing (ONLCR \n -> \r\n, tabs, etc.)
+    attrs[1] &= ~termios.OPOST
+    # Non-blocking reads: return as soon as 1 byte is available.
+    attrs[6][termios.VMIN] = 1
+    attrs[6][termios.VTIME] = 0
     termios.tcsetattr(slave_fd, termios.TCSANOW, attrs)
+    # Best-effort: print the applied flags once so future regressions are
+    # easy to diagnose from hs web logs.
+    try:
+        sys.stderr.write(
+            f'[pty-hermes-wrapper] slave configured raw: ICANON off, ECHO off, OPOST off\n'
+        )
+        sys.stderr.flush()
+    except OSError:
+        pass
     pid = os.fork()
     if pid == 0:
@@ -103,9 +137,28 @@ def main() -> None:
                     except ProcessLookupError:
                         pass
                     break
-                try:
-                    os.write(master_fd, data)
-                except OSError:
+                # [HolySheep fork v2.1.29 / hs22] Diagnostic trace when enabled —
+                # emits one line per stdin chunk so we can see exactly what bun
+                # pushed to us and verify hermes received the full payload. Only
+                # active when HOLYSHEEP_PTY_TRACE=1 is set to avoid log flood.
+                if os.environ.get('HOLYSHEEP_PTY_TRACE') == '1':
+                    try:
+                        sys.stderr.write(f'[pty-hermes-wrapper] stdin chunk len={len(data)}\n')
+                        sys.stderr.flush()
+                    except OSError:
+                        pass
+                # Write in full — os.write may short-write on large buffers; loop.
+                total = 0
+                while total < len(data):
+                    try:
+                        n = os.write(master_fd, data[total:])
+                    except OSError:
+                        total = -1
+                        break
+                    if n <= 0:
+                        break
+                    total += n
+                if total < 0:
                     break
     finally:
         try:

package/src/webui/aionui-runtime-fetcher.js CHANGED Viewed

@@ -60,10 +60,10 @@ const VENDOR_DIR = path.join(__dirname, 'vendor', 'aionui')
 // new CLI release, the next `hs web` invocation on user machines will detect
 // the version drift and upgrade the cache in place.
 const DEFAULT_RUNTIME_URL =
-  'https://mail.holysheep.ai/app/cli/aionui-runtime-v1.9.18-holysheep-hs20.tar.gz'
+  'https://mail.holysheep.ai/app/cli/aionui-runtime-v1.9.18-holysheep-hs22.tar.gz'
 const DEFAULT_RUNTIME_SHA256 =
-  '99ddb768cacd223a13c77d716413032e913c8be2850e7dbccaf7ae52d0797e37'
-const DEFAULT_RUNTIME_VERSION = '1.9.18-holysheep-hs20'
+  '03e386ea83660b4074e29026dfc53be6ed01fcd51fa35a9379ed64a396e99f33'
+const DEFAULT_RUNTIME_VERSION = '1.9.18-holysheep-hs22'
 function isValidRuntimeDir(dir) {
   if (!dir) return false