@simonyea/holysheep-cli 2.1.29 → 2.1.31

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@simonyea/holysheep-cli",
-  "version": "2.1.29",
+  "version": "2.1.31",
   "description": "Claude Code/Cursor/Cline API relay for China \u2014 \u00a51=$1, WeChat/Alipay payment, no credit card, no VPN. One command setup for all AI coding tools.",
   "scripts": {
     "test": "node tests/droid.test.js && node tests/workspace-store.test.js && node tests/runtime-stale-upgrade.test.js && node tests/hermes.test.js && node tests/preflight.test.js",

package/src/tools/claude-process-proxy.js

@@ -205,6 +205,26 @@ function buildAuthHeaders(config, lease) {
   }
 }
 
+// [HolySheep fork v2.1.29 / hs22] Rewrite User-Agent away from claude-cli/*.
+// CRS enforces a "Claude Code CLI must use hs claude" policy keyed on UA —
+// when it sees claude-cli/* or claude-code/*, it 403s even with valid bridge
+// headers, under the assumption the user bypassed the wrapper. Every forward
+// path (node-proxy + direct-https fallback) now normalises UA to
+// holysheep-cli so the wrapper identity is preserved end-to-end.
+function sanitizeClaudeClientHeaders(headers, config) {
+  const out = { ...(headers || {}) }
+  for (const k of Object.keys(out)) {
+    if (/^x-forwarded-|^x-real-ip$|^forwarded$|^via$/i.test(k)) {
+      delete out[k]
+      continue
+    }
+    if (/^user-agent$/i.test(k) && /claude-cli|claude-code/i.test(String(out[k] || ''))) {
+      out[k] = `holysheep-cli/${(config && config.cliVersion) || 'process-proxy'} (hs-claude-proxy)`
+    }
+  }
+  return out
+}
+
 function deriveNodeProxyUrl(lease) {
   if (process.env.HS_CLAUDE_NODE_PROXY_OVERRIDE) {
     return String(process.env.HS_CLAUDE_NODE_PROXY_OVERRIDE).replace(/\/+$/, '')
@@ -244,12 +264,7 @@ function forwardDirectHttps({ config, lease, clientReq, clientRes, trace }) {
     // (or a proxy earlier in the chain could tag the request) and leak the
     // loopback origin / real client IP to api.holysheep.ai. The upstream
     // doesn't need them — it authenticates off bridge headers + API key.
-    const sanitized = { ...clientReq.headers }
-    for (const k of Object.keys(sanitized)) {
-      if (/^x-forwarded-|^x-real-ip$|^forwarded$|^via$/i.test(k)) {
-        delete sanitized[k]
-      }
-    }
+    const sanitized = sanitizeClaudeClientHeaders(clientReq.headers, config)
     const headers = {
       ...sanitized,
       ...buildAuthHeaders(config, lease),
@@ -375,8 +390,14 @@ function forwardViaNodeProxy({ nodeProxyUrl, targetUrl, clientReq, clientRes, ex
       stallTimer = setTimeout(() => failWithAnthropicError('upstream stream stalled'), STALL_TIMEOUT_MS)
     }
 
+    // [HolySheep fork v2.1.29 / hs22] Same UA-rewrite logic as forwardDirectHttps.
+    // Even when we go through node4:3129, the forward-proxy delivers the UA
+    // verbatim to upstream CRS; keeping claude-cli/* gets us 403.
+    // `extraHeaders` already contains bridge auth via buildAuthHeaders.
+    // `config` may be undefined here because forwardViaNodeProxy doesn't take
+    // one; use a minimal stub — cliVersion is optional.
     const finalHeaders = {
-      ...clientReq.headers,
+      ...sanitizeClaudeClientHeaders(clientReq.headers, { cliVersion: undefined }),
       ...extraHeaders,
       host: targetUrl.host,
       connection: 'close',
@@ -595,6 +616,64 @@ function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH, allowAn
       )
     }
 
+    // [HolySheep fork v2.1.30 / hs22b] Buffer the incoming request body ONCE
+    // so retries + direct-https fallback can re-send it. Before this, each
+    // retry called clientReq.pipe(forwardReq) on a stream that had already
+    // been consumed by the previous attempt, making the second/third/...
+    // retry (and the fallback) hit CRS with an EMPTY body — upstream
+    // responded 400 "model is required" and the user saw no reply. Only
+    // the very first (often doomed-to-ECONNREFUSED) attempt had the real
+    // body; every retry+fallback arrived empty.
+    //
+    // Buffer into memory before any forward. Typical claude-agent-acp
+    // POST bodies are 5-40 KB so this is fine. Override from wire type
+    // to Buffer so downstream functions can pipe(from body stream)
+    // multiple times by wrapping a fresh Readable each time.
+    let bufferedBody = null
+    if (clientReq.method && !['GET', 'HEAD', 'OPTIONS'].includes(clientReq.method.toUpperCase())) {
+      try {
+        const chunks = []
+        for await (const chunk of clientReq) chunks.push(chunk)
+        bufferedBody = Buffer.concat(chunks)
+      } catch (e) {
+        // client disconnected mid-read; bail out early.
+        if (!clientRes.headersSent) {
+          clientRes.writeHead(400, { 'content-type': 'text/plain' })
+          clientRes.end('client disconnected while uploading body: ' + (e && e.message))
+        }
+        return
+      }
+    }
+    // Shadow `clientReq` with a wrapper that yields a fresh Readable body
+    // stream each time `.pipe()` is called. This keeps the rest of the
+    // handler unchanged (node-proxy + direct-fallback both still use
+    // `clientReq.pipe(upstream)`).
+    const { Readable } = require('stream')
+    const makeBodyStream = () => {
+      if (bufferedBody === null) return null
+      const r = new Readable({ read() {} })
+      r.push(bufferedBody)
+      r.push(null)
+      return r
+    }
+    const originalClientReq = clientReq
+    clientReq = new Proxy(originalClientReq, {
+      get(target, prop, receiver) {
+        if (prop === 'pipe') {
+          return (dest, opts) => {
+            const s = makeBodyStream()
+            if (!s) {
+              // GET/HEAD — just end the dest
+              if (dest && typeof dest.end === 'function') dest.end()
+              return dest
+            }
+            return s.pipe(dest, opts)
+          }
+        }
+        return Reflect.get(target, prop, receiver)
+      },
+    })
+
     const doForward = async (lease, attempt) => {
       const config = readConfig(configPath)
       const nodeProxyUrl = deriveNodeProxyUrl(lease)