@simonyea/holysheep-cli 2.1.38 → 2.1.41

package/src/tools/opencode.js

@@ -1,227 +0,0 @@
-/**
- * OpenCode 适配器 (anomalyco/opencode，原 sst/opencode)
- *
- * ⚠️ 重要：OpenCode 仓库已从 sst/opencode 迁移到 anomalyco/opencode
- * 全局配置文件: ~/.config/opencode/opencode.json (不是 config.json!)
- * 格式: JSON/JSONC，provider 配置格式如下:
- *
- * {
- *   "$schema": "https://opencode.ai/config.json",
- *   "model": "anthropic/claude-sonnet-4-5",
- *   "provider": {
- *     "anthropic": {
- *       "options": {
- *         "baseURL": "https://api.holysheep.ai/v1",
- *         "apiKey": "cr_xxx"
- *       }
- *     },
- *     "openai": {
- *       "options": {
- *         "baseURL": "https://api.holysheep.ai/v1",
- *         "apiKey": "cr_xxx"
- *       }
- *     }
- *   }
- * }
- *
- * 安装方式(推荐): brew install anomalyco/tap/opencode
- * 或: npm i -g opencode-ai@latest
- * 说明：OpenCode 的 anthropic provider 会自行拼接 /messages，
- * 因此这里必须写 /v1 基地址，最终才会落到 /v1/messages。
- * 官方文档: https://opencode.ai/docs/config
- */
-const fs = require('fs')
-const path = require('path')
-const os = require('os')
-
-function getConfigFile() {
-  const candidates = [
-    // 新版标准路径（官方文档）
-    path.join(os.homedir(), '.config', 'opencode', 'opencode.json'),
-    // 旧版路径兼容
-    path.join(os.homedir(), '.config', 'opencode', 'config.json'),
-    path.join(os.homedir(), '.opencode', 'opencode.json'),
-    path.join(os.homedir(), '.opencode', 'config.json'),
-    // Windows
-    path.join(os.homedir(), 'AppData', 'Roaming', 'opencode', 'opencode.json'),
-  ]
-  for (const f of candidates) {
-    if (fs.existsSync(f)) return f
-  }
-  // 默认路径（新版标准）
-  return path.join(os.homedir(), '.config', 'opencode', 'opencode.json')
-}
-
-function readConfig() {
-  const file = getConfigFile()
-  try {
-    if (fs.existsSync(file)) {
-      // 支持 JSONC（带注释的 JSON）— 只删行首注释，避免误删 URL 中的 //
-      const content = fs.readFileSync(file, 'utf8')
-      return JSON.parse(content.replace(/^\s*\/\/[^\n]*/gm, '').replace(/\/\*[\s\S]*?\*\//g, ''))
-    }
-  } catch {}
-  return {}
-}
-
-function writeConfig(data) {
-  const file = getConfigFile()
-  fs.mkdirSync(path.dirname(file), { recursive: true })
-  fs.writeFileSync(file, JSON.stringify(data, null, 2), 'utf8')
-}
-
-/**
- * [HolySheep fork v2.1.36 / hs25] OpenCode OAuth credential store paths.
- * OpenCode >=1.3.0 keeps `opencode auth login` tokens in auth.json. If an
- * Anthropic OAuth access token lives here, it OVERRIDES the config-file
- * `baseURL`, routing requests straight to api.anthropic.com — bypassing the
- * HolySheep relay. Symptom in the wild:
- *   "Third-party apps now draw from your extra usage, not your plan limits."
- * which is Anthropic's plan-limit string, i.e. the request never hit us.
- */
-function getAuthFileCandidates() {
-  const home = os.homedir()
-  if (process.platform === 'win32') {
-    return [
-      path.join(process.env.LOCALAPPDATA || path.join(home, 'AppData', 'Local'), 'opencode', 'auth.json'),
-      path.join(home, '.local', 'share', 'opencode', 'auth.json'),
-    ]
-  }
-  const xdg = process.env.XDG_DATA_HOME || path.join(home, '.local', 'share')
-  return [
-    path.join(xdg, 'opencode', 'auth.json'),
-    path.join(home, '.local', 'share', 'opencode', 'auth.json'),
-    path.join(home, 'Library', 'Application Support', 'opencode', 'auth.json'),
-  ]
-}
-
-/**
- * Strip `anthropic` and `openai` OAuth tokens from OpenCode's auth.json.
- * Uses `delete` on individual keys so other provider logins (github,
- * deepseek, zhipu, …) survive. Deletes the whole file if empty after purge.
- * Returns { touched: string[], keysAfter: string[] } for test assertions.
- */
-function purgeOauthAuth() {
-  const touched = []
-  let keysAfter = []
-  for (const file of getAuthFileCandidates()) {
-    try {
-      if (!fs.existsSync(file)) continue
-      const raw = fs.readFileSync(file, 'utf8')
-      let data
-      try { data = JSON.parse(raw) } catch { continue }
-      if (!data || typeof data !== 'object') continue
-
-      let changed = false
-      for (const key of ['anthropic', 'openai']) {
-        if (Object.prototype.hasOwnProperty.call(data, key)) {
-          delete data[key]
-          changed = true
-        }
-      }
-      if (!changed) continue
-
-      touched.push(file)
-      const remaining = Object.keys(data)
-      keysAfter = remaining
-      if (remaining.length === 0) {
-        try { fs.unlinkSync(file) } catch {}
-      } else {
-        fs.writeFileSync(file, JSON.stringify(data, null, 2), 'utf8')
-      }
-    } catch {
-      // best-effort
-    }
-  }
-  return { touched, keysAfter }
-}
-
-
-module.exports = {
-  name: 'OpenCode',
-  id: 'opencode',
-  checkInstalled() {
-    return require('../utils/which').commandExists('opencode')
-  },
-  isConfigured() {
-    const c = readConfig()
-    return !!(
-      c.provider?.anthropic?.options?.baseURL?.includes('holysheep') ||
-      c.provider?.openai?.options?.baseURL?.includes('holysheep')
-    )
-  },
-  configure(apiKey, baseUrlAnthropicNoV1, baseUrlOpenAI, primaryModel) {
-    // [HolySheep fork v2.1.36 / hs25] Strip any stale Anthropic/OpenAI OAuth
-    // tokens from OpenCode's auth.json BEFORE writing the config file, so
-    // the relay baseURL in opencode.json actually takes effect.
-    try { purgeOauthAuth() } catch {}
-    const config = readConfig()
-    if (!config.provider) config.provider = {}
-
-    // 设置 schema（方便编辑器自动补全）
-    if (!config['$schema']) config['$schema'] = 'https://opencode.ai/config.json'
-
-    // OpenCode 的 anthropic provider 需要 /v1 基地址，否则会打到 /messages 并返回 404。
-    config.provider.anthropic = {
-      options: {
-        baseURL: `${String(baseUrlAnthropicNoV1 || '').replace(/\/+$/, '')}/v1`,
-        apiKey,
-      },
-    }
-
-    // 配置 OpenAI provider（GPT 模型）
-    config.provider.openai = {
-      options: {
-        baseURL: baseUrlOpenAI,  // https://api.holysheep.ai/v1
-        apiKey,
-      },
-    }
-
-    // 设置默认模型
-    config.model = `anthropic/${primaryModel || 'claude-sonnet-4-6'}`
-
-    // [HolySheep fork v2.1.27 / hs20] Disable the giant OpenCode tools that
-    // blow the Anthropic request body past ~25 KB. When bodies exceed ~40 KB
-    // against the HolySheep relay, Anthropic returns a plan-limit error:
-    //   "Third-party apps now draw from your extra usage, not your plan limits"
-    // which OpenCode surfaces as a silent `stop_reason: end_turn` with
-    // zero tokens (class-C failure). Removing just the biggest schemas
-    // (todowrite ~8.8 KB, task ~4.4 KB, webfetch/skill smaller) brings
-    // bodies below the threshold while keeping bash/read/glob/grep/edit/write
-    // which are the core coding tools users actually need.
-    //
-    // Users who want these tools back can set HOLYSHEEP_OPENCODE_KEEP_ALL_TOOLS=1
-    // in their shell, or manually remove the entries from opencode.json.
-    if (!process.env.HOLYSHEEP_OPENCODE_KEEP_ALL_TOOLS) {
-      const tools = { ...(config.tools || {}) }
-      if (tools.todowrite === undefined) tools.todowrite = false
-      if (tools.todoread === undefined) tools.todoread = false
-      if (tools.task === undefined) tools.task = false
-      if (tools.skill === undefined) tools.skill = false
-      if (tools.webfetch === undefined) tools.webfetch = false
-      config.tools = tools
-    }
-
-    writeConfig(config)
-    return { file: getConfigFile(), hot: false }
-  },
-  reset() {
-    const config = readConfig()
-    if (config.provider) {
-      delete config.provider.anthropic
-      delete config.provider.openai
-    }
-    writeConfig(config)
-    // [HolySheep fork v2.1.36 / hs25] Also purge OAuth tokens so a subsequent
-    // reconfigure doesn't silently fall back to direct-to-Anthropic.
-    try { purgeOauthAuth() } catch {}
-  },
-  getConfigPath() { return getConfigFile() },
-  hint: '切换后重启 OpenCode 生效；配置文件: ~/.config/opencode/opencode.json',
-  launchCmd: 'opencode',
-  installCmd: 'brew install anomalyco/tap/opencode  # 或: npm i -g opencode-ai@latest',
-  docsUrl: 'https://opencode.ai',
-  // [HolySheep fork v2.1.36 / hs25] Exposed for tests — see tests/opencode-auth-purge.test.js
-  _purgeOauthAuth: purgeOauthAuth,
-  _getAuthFileCandidates: getAuthFileCandidates,
-}

package/src/tools/process-proxy-inject.js

@@ -1,142 +0,0 @@
-'use strict'
-/**
- * 进程级代理注入 — 通过 NODE_OPTIONS=--require 加载
- *
- * Node.js v22+ 中 tls.connect / undici 不走 net.createConnection，
- * 直接调用 net.Socket.prototype.connect，因此同时 patch 两者。
- *
- * 原理：将所有非本地 TCP 连接重定向到本地 bridge（CONNECT 代理），
- * bridge 再通过 relay-control 分配的 node 节点出口，使 CRS 看到
- * 可信的节点 IP。
- */
-const net = require('net')
-const { URL } = require('url')
-
-const raw = process.env.HS_PROXY_URL
-if (!raw) return
-
-let parsed
-try {
-  parsed = new URL(raw)
-} catch {
-  return
-}
-
-const PROXY_HOST = parsed.hostname
-const PROXY_PORT = Number(parsed.port) || 80
-const SKIP = new Set(['127.0.0.1', '::1', 'localhost', '0.0.0.0', PROXY_HOST])
-// 阻断直连 Anthropic — 强制 Claude Code 走 ANTHROPIC_BASE_URL (HTTP 路径 → proxy → CRS)
-// CONNECT 隧道因 TLS SNI 不匹配无法改写目标，只能阻断
-const BLOCK = new Set(['api.anthropic.com'])
-
-function shouldProxy(host, port) {
-  if (!port || !host || SKIP.has(host)) return false
-  if (BLOCK.has(host)) return 'block'
-  return true
-}
-
-// api.anthropic.com → api.holysheep.ai，让 CONNECT 隧道也走 CRS 多账号调度
-// 否则 CONNECT 隧道直达 Anthropic，绕过 CRS，单 token 直连容易触发 429
-function rewriteHost(host) {
-  if (host === 'api.anthropic.com') return 'api.holysheep.ai'
-  return host
-}
-
-function setupTunnel(sock, host, port, origEmit) {
-  const targetHost = rewriteHost(host)
-  sock.write(`CONNECT ${targetHost}:${port} HTTP/1.1\r\nHost: ${targetHost}:${port}\r\n\r\n`)
-  let buf = Buffer.alloc(0)
-  sock.on('data', function onData(chunk) {
-    buf = Buffer.concat([buf, chunk])
-    const i = buf.indexOf('\r\n\r\n')
-    if (i === -1) return
-    sock.removeListener('data', onData)
-    if (!buf.slice(0, i).toString().includes(' 200 ')) {
-      sock.emit = origEmit
-      sock.destroy(new Error(`CONNECT ${host}:${port} failed: ${buf.slice(0, buf.indexOf('\r\n')).toString()}`))
-      return
-    }
-    const rest = buf.slice(i + 4)
-    if (rest.length) sock.unshift(rest)
-    sock.emit = origEmit
-    origEmit('connect')
-  })
-}
-
-function patchEmitAndConnect(sock, host, port, connectFn) {
-  let tunnelReady = false
-  const origEmit = sock.emit.bind(sock)
-
-  sock.emit = function(type) {
-    if (type === 'connect' && !tunnelReady) {
-      tunnelReady = true
-      setupTunnel(sock, host, port, origEmit)
-      return false
-    }
-    return origEmit.apply(null, arguments)
-  }
-
-  return connectFn()
-}
-
-// ── patch net.Socket.prototype.connect (Node.js v22+ TLS / undici) ───────────
-const _origSocketConnect = net.Socket.prototype.connect
-
-net.Socket.prototype.connect = function(options) {
-  const isObj = options !== null && typeof options === 'object'
-  const host = isObj ? String(options.host || options.hostname || '') : String(options || '')
-  const port = isObj ? Number(options.port || 0) : Number(arguments[1] || 0)
-
-  const action = shouldProxy(host, port)
-  if (!action) return _origSocketConnect.apply(this, arguments)
-  if (action === 'block') {
-    // 阻断直连 Anthropic，触发连接失败，Claude Code 会回退到 ANTHROPIC_BASE_URL
-    const sock = this
-    process.nextTick(() => sock.destroy(new Error(`ECONNREFUSED: blocked direct connection to ${host}`)))
-    return sock
-  }
-
-  const sock = this
-  const proxyOpts = isObj
-    ? { ...options, host: PROXY_HOST, port: PROXY_PORT }
-    : { host: PROXY_HOST, port: PROXY_PORT }
-
-  return patchEmitAndConnect(sock, host, port, () =>
-    _origSocketConnect.call(sock, proxyOpts)
-  )
-}
-
-// ── patch net.createConnection (兼容直接调用的旧代码) ─────────────────────────
-const _origCreate = net.createConnection
-
-function proxied(options, cb) {
-  const isObj = options !== null && typeof options === 'object'
-  const host = isObj ? String(options.host || options.hostname || 'localhost') : String(options || 'localhost')
-  const port = isObj ? Number(options.port || 0) : Number(arguments[1] || 0)
-
-  const action = shouldProxy(host, port)
-  if (!action) return _origCreate.apply(this, arguments)
-  if (action === 'block') {
-    const sock = new net.Socket()
-    process.nextTick(() => sock.destroy(new Error(`ECONNREFUSED: blocked direct connection to ${host}`)))
-    return sock
-  }
-
-  const sock = _origCreate({ host: PROXY_HOST, port: PROXY_PORT })
-  if (typeof cb === 'function') sock.once('connect', cb)
-
-  let tunnelReady = false
-  const origEmit = sock.emit.bind(sock)
-  sock.emit = function(type) {
-    if (type === 'connect' && !tunnelReady) {
-      tunnelReady = true
-      setupTunnel(sock, host, port, origEmit)
-      return false
-    }
-    return origEmit.apply(null, arguments)
-  }
-
-  return sock
-}
-
-net.createConnection = net.connect = proxied

package/src/utils/config.js

@@ -1,54 +0,0 @@
-/**
- * 本地配置管理 — 存储 API Key 和用户偏好
- * 配置文件: ~/.holysheep/config.json
- */
-const fs = require('fs')
-const path = require('path')
-const os = require('os')
-
-const CONFIG_DIR = path.join(os.homedir(), '.holysheep')
-const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json')
-
-const BASE_URL_ANTHROPIC = 'https://api.holysheep.ai'         // 不带 /v1 (Anthropic SDK)
-const BASE_URL_OPENAI    = 'https://api.holysheep.ai/v1'      // 带 /v1 (OpenAI 兼容)
-const BASE_URL_CLAUDE_RELAY = process.env.HOLYSHEEP_CLAUDE_RELAY_URL || 'https://api.holysheep.ai/claude-relay'
-const SHOP_URL           = 'https://holysheep.ai'
-
-function ensureDir() {
-  if (!fs.existsSync(CONFIG_DIR)) {
-    fs.mkdirSync(CONFIG_DIR, { recursive: true })
-  }
-}
-
-function loadConfig() {
-  try {
-    if (fs.existsSync(CONFIG_FILE)) {
-      return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8'))
-    }
-  } catch {}
-  return {}
-}
-
-function saveConfig(data) {
-  ensureDir()
-  const current = loadConfig()
-  const merged = { ...current, ...data }
-  fs.writeFileSync(CONFIG_FILE, JSON.stringify(merged, null, 2))
-  return merged
-}
-
-function getApiKey() {
-  return loadConfig().apiKey || process.env.HOLYSHEEP_API_KEY || ''
-}
-
-module.exports = {
-  CONFIG_DIR,
-  CONFIG_FILE,
-  BASE_URL_ANTHROPIC,
-  BASE_URL_OPENAI,
-  BASE_URL_CLAUDE_RELAY,
-  SHOP_URL,
-  loadConfig,
-  saveConfig,
-  getApiKey,
-}