@simonyea/holysheep-cli 2.1.35 → 2.1.37

package/.gitea/workflows/sanity.yml

@@ -2,11 +2,6 @@ name: CI sanity
 
 # [HolySheep fork] Minimal Gitea-side CI for holysheep-cli.
 # Mirrors the sanity check pattern from holysheep-webui.
-# Runs on every push to main, guards against regressions in:
-#   - package.json version format
-#   - runtime fetcher URL/SHA/VERSION consistency
-#   - key source files present (claude-process-proxy, pty-hermes-wrapper, droid)
-#   - aionui-wrapper brand strings (must not contain [aionui-wrapper] prefix)
 
 on:
   push:
@@ -73,19 +68,26 @@ jobs:
         run: |
           set -e
           cd /opt/act_runner/deploy-cache/holysheep-cli
-          URL=$(grep "DEFAULT_RUNTIME_URL" src/webui/aionui-runtime-fetcher.js | grep -o "holysheep-hs[0-9]*" | head -1)
-          VER=$(grep "DEFAULT_RUNTIME_VERSION" src/webui/aionui-runtime-fetcher.js | grep -o "holysheep-hs[0-9]*" | head -1)
-          echo "URL tag: $URL"
-          echo "VERSION tag: $VER"
-          if [ -z "$URL" ] || [ -z "$VER" ]; then
-            echo "::error::DEFAULT_RUNTIME_URL or DEFAULT_RUNTIME_VERSION missing hs-tag"
+          # The URL value is on the line AFTER 'const DEFAULT_RUNTIME_URL ='
+          # Use node to read the values reliably
+          URL_TAG=$(node -e "
+            const fs = require('fs');
+            const content = fs.readFileSync('src/webui/aionui-runtime-fetcher.js', 'utf8');
+            const urlMatch = content.match(/DEFAULT_RUNTIME_URL\s*=\s*[\r\n\s]*'[^']*holysheep-(hs\d+)[^']*'/);
+            const verMatch = content.match(/DEFAULT_RUNTIME_VERSION\s*=\s*'[^']*holysheep-(hs\d+)[^']*'/);
+            if (!urlMatch || !verMatch) { process.stderr.write('PARSE_FAIL'); process.exit(1); }
+            if (urlMatch[1] !== verMatch[1]) {
+              process.stderr.write('MISMATCH: URL=' + urlMatch[1] + ' VER=' + verMatch[1]);
+              process.exit(1);
+            }
+            console.log(urlMatch[1]);
+          " 2>&1)
+          echo "URL/VERSION tag: $URL_TAG"
+          if [ -z "$URL_TAG" ] || echo "$URL_TAG" | grep -q "FAIL\|MISMATCH"; then
+            echo "::error::DEFAULT_RUNTIME_URL and DEFAULT_RUNTIME_VERSION hs-tags mismatch: $URL_TAG"
             exit 1
           fi
-          if [ "$URL" != "$VER" ]; then
-            echo "::error::URL tag ($URL) != VERSION tag ($VER) — run pack-runtime.mjs and update fetcher"
-            exit 1
-          fi
-          echo "  ok: URL and VERSION both reference $URL"
+          echo "  ok: URL and VERSION both reference $URL_TAG"
 
       - name: Invariant grep (brand + proxy)
         run: |

package/package.json

@@ -1,9 +1,9 @@
 {
   "name": "@simonyea/holysheep-cli",
-  "version": "2.1.35",
-  "description": "Claude Code/Cursor/Cline API relay for China — ¥1=$1, WeChat/Alipay payment, no credit card, no VPN. One command setup for all AI coding tools.",
+  "version": "2.1.37",
+  "description": "Claude Code/Cursor/Cline API relay for China \u2014 \u00a51=$1, WeChat/Alipay payment, no credit card, no VPN. One command setup for all AI coding tools.",
   "scripts": {
-    "test": "node tests/droid.test.js && node tests/workspace-store.test.js && node tests/runtime-stale-upgrade.test.js && node tests/hermes.test.js && node tests/preflight.test.js",
+    "test": "node tests/droid.test.js && node tests/workspace-store.test.js && node tests/runtime-stale-upgrade.test.js && node tests/hermes.test.js && node tests/preflight.test.js && node tests/opencode-auth-purge.test.js && node tests/shell-winpath.test.js",
     "prepublishOnly": "node scripts/check-tarball-size.js"
   },
   "keywords": [

package/src/tools/claude-process-proxy.js

@@ -100,12 +100,34 @@ function createClientValidationErrorBody(message) {
   })
 }
 
+// [HolySheep fork v2.1.36 / hs24] This is the ONLY trigger for switching to a
+// different node (via fetchFreshLease({forceReassign:true}) → control plane
+// drops Redis stickiness → chooseNode round-robins). It is NOT a generic retry
+// trigger — same-node retries don't need this.
+//
+// Previous versions returned true for any 403/503, which made the CLI tear
+// down 5-min session stickiness on every transient upstream hiccup (busy
+// account, momentary scheduler capacity, ticket timing) and bounced the
+// session node3↔node4↔node3 repeatedly. Bug surfaced as repeated lease.close
+// log lines and ~5s stalls.
+//
+// Fix: only force-reassign when upstream sends an EXPLICIT "switch node"
+// signal in the body. Other errors (403/503/ECONNREFUSED) stay on the same
+// node — the retry loop will either succeed after upstream recovers, or fall
+// through to direct-https fallback.
+//
+// IMPORTANT: we deliberately do NOT match bare `client_validation_error` —
+// forwardViaNodeProxy wraps local forward errors (ECONNREFUSED etc.) in a
+// client_validation_error body (see createClientValidationErrorBody), so
+// matching that type alone would fire false positives on local-level errors
+// that have nothing to do with node health. We only match specific messages
+// that upstream emits when it explicitly wants the CLI to pick a new node:
+//   - homi-crs internalRoutes.js:1025 ("当前代理节点 X 不可用")
+//   - homi-crs auth.js / internalRoutes.js ("Claude Code 必须使用 hs claude 指令启动")
+//   - control plane server.js ("No active Claude relay nodes are available")
 function shouldRefreshLeaseAfterError(err) {
-  const statusCode = Number(err?.statusCode || 0)
   const body = String(err?.body || err?.message || '')
-  if (statusCode === 403 || statusCode === 503) return true
   return (
-    body.includes('client_validation_error') ||
     body.includes('Claude Code 必须使用 hs claude 指令启动') ||
     body.includes('当前代理节点') ||
     body.includes('No active Claude relay nodes are available')
@@ -748,12 +770,27 @@ function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH, allowAn
           await doForward(getCachedLease(sessionId), attempt)
         } else {
           const config = readConfig(configPath)
+          const prevLease = (() => { try { return leaseCache.get(sessionId) } catch { return null } })()
+          const forceReassign = shouldRefreshLeaseAfterError(lastError)
+          const retryReason = String(lastError?.body || lastError?.message || '').slice(0, 120)
+          // [HolySheep fork v2.1.36 / hs24] Emit structured breadcrumb so we
+          // can see whether the retry stayed on same node (sticky) or forced
+          // reassign. Previously invisible — made diagnosing node-bounce hard.
+          if (forceReassign) {
+            console.error(`[hs-claude-proxy] lease.force-reassign ${JSON.stringify({
+              sessionId, nodeId: prevLease?.nodeId || '', attempt, reason: retryReason,
+            })}`)
+          } else {
+            console.error(`[hs-claude-proxy] lease.sticky-hit ${JSON.stringify({
+              sessionId, nodeId: prevLease?.nodeId || '', attempt, retryReason,
+            })}`)
+          }
           leaseCache.delete(sessionId)
-          if (shouldRefreshLeaseAfterError(lastError)) {
+          if (forceReassign) {
             await closeSession(configPath, sessionId)
           }
           const freshLease = await fetchFreshLease(config, sessionId, {
-            forceReassign: shouldRefreshLeaseAfterError(lastError),
+            forceReassign,
           })
           await doForward(freshLease, attempt)
         }
@@ -875,12 +912,25 @@ function createProcessProxyServer({ sessionId, configPath = CONFIG_PATH, allowAn
           await doConnect(getCachedLease(sessionId))
         } else {
           const config = readConfig(configPath)
+          const prevLease = (() => { try { return leaseCache.get(sessionId) } catch { return null } })()
+          const forceReassign = shouldRefreshLeaseAfterError(lastError)
+          const retryReason = String(lastError?.body || lastError?.message || '').slice(0, 120)
+          // [HolySheep fork v2.1.36 / hs24] Same breadcrumb as HTTP retry loop.
+          if (forceReassign) {
+            console.error(`[hs-claude-proxy] lease.force-reassign ${JSON.stringify({
+              sessionId, nodeId: prevLease?.nodeId || '', attempt, reason: retryReason, path: 'CONNECT',
+            })}`)
+          } else {
+            console.error(`[hs-claude-proxy] lease.sticky-hit ${JSON.stringify({
+              sessionId, nodeId: prevLease?.nodeId || '', attempt, retryReason, path: 'CONNECT',
+            })}`)
+          }
           leaseCache.delete(sessionId)
-          if (shouldRefreshLeaseAfterError(lastError)) {
+          if (forceReassign) {
             await closeSession(configPath, sessionId)
           }
           const freshLease = await fetchFreshLease(config, sessionId, {
-            forceReassign: shouldRefreshLeaseAfterError(lastError),
+            forceReassign,
           })
           await doConnect(freshLease)
         }

package/src/tools/opencode.js

@@ -70,6 +70,73 @@ function writeConfig(data) {
   fs.writeFileSync(file, JSON.stringify(data, null, 2), 'utf8')
 }
 
+/**
+ * [HolySheep fork v2.1.36 / hs25] OpenCode OAuth credential store paths.
+ * OpenCode >=1.3.0 keeps `opencode auth login` tokens in auth.json. If an
+ * Anthropic OAuth access token lives here, it OVERRIDES the config-file
+ * `baseURL`, routing requests straight to api.anthropic.com — bypassing the
+ * HolySheep relay. Symptom in the wild:
+ *   "Third-party apps now draw from your extra usage, not your plan limits."
+ * which is Anthropic's plan-limit string, i.e. the request never hit us.
+ */
+function getAuthFileCandidates() {
+  const home = os.homedir()
+  if (process.platform === 'win32') {
+    return [
+      path.join(process.env.LOCALAPPDATA || path.join(home, 'AppData', 'Local'), 'opencode', 'auth.json'),
+      path.join(home, '.local', 'share', 'opencode', 'auth.json'),
+    ]
+  }
+  const xdg = process.env.XDG_DATA_HOME || path.join(home, '.local', 'share')
+  return [
+    path.join(xdg, 'opencode', 'auth.json'),
+    path.join(home, '.local', 'share', 'opencode', 'auth.json'),
+    path.join(home, 'Library', 'Application Support', 'opencode', 'auth.json'),
+  ]
+}
+
+/**
+ * Strip `anthropic` and `openai` OAuth tokens from OpenCode's auth.json.
+ * Uses `delete` on individual keys so other provider logins (github,
+ * deepseek, zhipu, …) survive. Deletes the whole file if empty after purge.
+ * Returns { touched: string[], keysAfter: string[] } for test assertions.
+ */
+function purgeOauthAuth() {
+  const touched = []
+  let keysAfter = []
+  for (const file of getAuthFileCandidates()) {
+    try {
+      if (!fs.existsSync(file)) continue
+      const raw = fs.readFileSync(file, 'utf8')
+      let data
+      try { data = JSON.parse(raw) } catch { continue }
+      if (!data || typeof data !== 'object') continue
+
+      let changed = false
+      for (const key of ['anthropic', 'openai']) {
+        if (Object.prototype.hasOwnProperty.call(data, key)) {
+          delete data[key]
+          changed = true
+        }
+      }
+      if (!changed) continue
+
+      touched.push(file)
+      const remaining = Object.keys(data)
+      keysAfter = remaining
+      if (remaining.length === 0) {
+        try { fs.unlinkSync(file) } catch {}
+      } else {
+        fs.writeFileSync(file, JSON.stringify(data, null, 2), 'utf8')
+      }
+    } catch {
+      // best-effort
+    }
+  }
+  return { touched, keysAfter }
+}
+
+
 module.exports = {
   name: 'OpenCode',
   id: 'opencode',
@@ -84,6 +151,10 @@ module.exports = {
     )
   },
   configure(apiKey, baseUrlAnthropicNoV1, baseUrlOpenAI, primaryModel) {
+    // [HolySheep fork v2.1.36 / hs25] Strip any stale Anthropic/OpenAI OAuth
+    // tokens from OpenCode's auth.json BEFORE writing the config file, so
+    // the relay baseURL in opencode.json actually takes effect.
+    try { purgeOauthAuth() } catch {}
     const config = readConfig()
     if (!config.provider) config.provider = {}
 
@@ -141,10 +212,16 @@ module.exports = {
       delete config.provider.openai
     }
     writeConfig(config)
+    // [HolySheep fork v2.1.36 / hs25] Also purge OAuth tokens so a subsequent
+    // reconfigure doesn't silently fall back to direct-to-Anthropic.
+    try { purgeOauthAuth() } catch {}
   },
   getConfigPath() { return getConfigFile() },
   hint: '切换后重启 OpenCode 生效；配置文件: ~/.config/opencode/opencode.json',
   launchCmd: 'opencode',
   installCmd: 'brew install anomalyco/tap/opencode  # 或: npm i -g opencode-ai@latest',
   docsUrl: 'https://opencode.ai',
+  // [HolySheep fork v2.1.36 / hs25] Exposed for tests — see tests/opencode-auth-purge.test.js
+  _purgeOauthAuth: purgeOauthAuth,
+  _getAuthFileCandidates: getAuthFileCandidates,
 }

package/src/utils/shell.js

@@ -116,6 +116,83 @@ function ensureWindowsUserPathHasNpmBin() {
   }
 }
 
+/**
+ * [HolySheep fork v2.1.36 / hs25] Same mechanism as
+ * `ensureWindowsUserPathHasNpmBin`, but targets `%USERPROFILE%\.local\bin`.
+ *
+ * Background: Claude Code's official Windows installer (irm
+ * https://claude.ai/install.ps1 | iex) drops `claude.exe` under
+ * `C:\Users\<user>\.local\bin` and prints a warning that this directory
+ * is NOT on PATH. Our CLI Manager page then calls `commandExists('claude')`
+ * which runs `where claude` — finds nothing — and reports 未安装, even
+ * though the install succeeded.
+ *
+ * This helper:
+ *   1. Persists `.local\bin` into the USER-level Path (so new terminals
+ *      see it too).
+ *   2. Appends it to `process.env.PATH` of the current process, so that
+ *      the very next `commandExists('claude')` call in the same Node
+ *      instance resolves correctly — no restart required.
+ *
+ * Returns a list of human-readable lines describing what was touched.
+ * No-op on non-Windows (returns []).
+ */
+function ensureWindowsUserPathHasLocalBin() {
+  if (process.platform !== 'win32') return []
+
+  const userProfile = process.env.USERPROFILE || os.homedir()
+  if (!userProfile) return []
+
+  const localBin = path.join(userProfile, '.local', 'bin')
+
+  let currentPath = ''
+  try {
+    currentPath = execSync(
+      'powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "[Environment]::GetEnvironmentVariable(\'Path\', \'User\')"',
+      { encoding: 'utf8', stdio: ['ignore', 'pipe', 'ignore'] }
+    ).trim()
+  } catch {
+    currentPath = process.env.PATH || ''
+  }
+
+  const parts = currentPath
+    .split(';')
+    .map((item) => item.trim())
+    .filter(Boolean)
+
+  const hasLocalBin = parts.some((item) => item.toLowerCase() === localBin.toLowerCase())
+
+  // Always also hot-patch the in-process PATH so the immediate follow-up
+  // `commandExists('claude')` check sees the new directory. This covers
+  // the (common) case where the persisted user PATH already has it but
+  // our own process was spawned before the PowerShell installer ran.
+  const procParts = (process.env.PATH || '').split(';').map((p) => p.trim()).filter(Boolean)
+  const inProcessHasIt = procParts.some((item) => item.toLowerCase() === localBin.toLowerCase())
+  if (!inProcessHasIt) {
+    process.env.PATH = [...procParts, localBin].join(';')
+  }
+
+  if (hasLocalBin) return inProcessHasIt ? [] : ['[当前进程 PATH] %USERPROFILE%\\.local\\bin']
+
+  const nextPath = [...parts, localBin].join(';')
+  try {
+    const escapedPath = nextPath.replace(/'/g, "''")
+    execSync(
+      `powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "[Environment]::SetEnvironmentVariable('Path', '${escapedPath}', 'User')"`,
+      { stdio: 'ignore' }
+    )
+    return ['[用户 PATH] %USERPROFILE%\\.local\\bin']
+  } catch {
+    try {
+      const chalk = require('chalk')
+      console.warn(chalk.yellow(
+        `  ⚠️  无法自动更新 PATH，请手动将以下路径加入系统环境变量 PATH：\n     ${localBin}`
+      ))
+    } catch {}
+    return []
+  }
+}
+
 function installWindowsCliShims() {
   if (process.platform !== 'win32') return []
 
@@ -259,6 +336,7 @@ module.exports = {
   writeEnvToShell,
   removeEnvFromShell,
   ensureWindowsUserPathHasNpmBin,
+  ensureWindowsUserPathHasLocalBin,
   installWindowsCliShims,
   removeWindowsUserEnvVars
 }

package/src/webui/aionui-runtime-fetcher.js

@@ -60,10 +60,10 @@ const VENDOR_DIR = path.join(__dirname, 'vendor', 'aionui')
 // new CLI release, the next `hs web` invocation on user machines will detect
 // the version drift and upgrade the cache in place.
 const DEFAULT_RUNTIME_URL =
-  'https://mail.holysheep.ai/app/cli/aionui-runtime-v1.9.18-holysheep-hs24.tar.gz'
+  'https://mail.holysheep.ai/app/cli/aionui-runtime-v1.9.18-holysheep-hs25.tar.gz'
 const DEFAULT_RUNTIME_SHA256 =
-  '8b3c4fa1bed93b938193321b1817c6e950cdbbfcef64c73a9283b3bb589a768c'
-const DEFAULT_RUNTIME_VERSION = '1.9.18-holysheep-hs24'
+  '9e2a47adf8a151c9ab6916d046ee9f268aa5f1589a961d1b0374b15508ed527b'
+const DEFAULT_RUNTIME_VERSION = '1.9.18-holysheep-hs25'
 
 function isValidRuntimeDir(dir) {
   if (!dir) return false

package/src/webui/server.js

@@ -677,9 +677,20 @@ async function handleToolInstall(req, res) {
   // non-Windows or when already present.
   if (ok && process.platform === 'win32') {
     try {
-      const { ensureWindowsUserPathHasNpmBin } = require('../utils/shell')
+      const { ensureWindowsUserPathHasNpmBin, ensureWindowsUserPathHasLocalBin } = require('../utils/shell')
       ensureWindowsUserPathHasNpmBin()
       sseEmit(res, { type: 'output', text: '\n✓ 已更新 Windows 用户 PATH（包含 npm global bin）\n' })
+      // [HolySheep fork v2.1.36 / hs25] Claude Code's Windows installer
+      // (claude.ai/install.ps1) drops claude.exe under
+      // `%USERPROFILE%\\.local\\bin` which is NOT on PATH by default — it
+      // prints a warning and exits, leaving our `commandExists` check to
+      // incorrectly report 未安装 even though the install succeeded.
+      if (toolId === 'claude-code') {
+        try {
+          ensureWindowsUserPathHasLocalBin()
+          sseEmit(res, { type: 'output', text: '\n✓ 已更新 Windows 用户 PATH（包含 %USERPROFILE%\\.local\\bin for Claude Code）\n' })
+        } catch {}
+      }
     } catch {}
     // Resolve the real install path via `where.exe` so the user sees
     // exactly where the binary landed. This was a high-signal 2.1.14