@vacbo/opencode-anthropic-fix 0.0.44 → 0.1.1

package/src/refresh-lock.test.ts

@@ -5,6 +5,8 @@ import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
 
 const baseDir = join(tmpdir(), `opencode-refresh-lock-test-${process.pid}`);
 const storagePath = join(baseDir, "anthropic-accounts.json");
+const DEFAULT_LOCK_TIMEOUT_MS = 15_000;
+const DEFAULT_STALE_LOCK_MS = 90_000;
 
 vi.mock("./storage.js", () => ({
   getStoragePath: () => storagePath,
@@ -26,13 +28,14 @@ describe("refresh-lock", () => {
     const lock = await acquireRefreshLock("acc-1");
     expect(lock.acquired).toBe(true);
     expect(lock.lockPath).toBeTruthy();
+    const lockPath = lock.lockPath!;
 
-    await releaseRefreshLock({ lockPath: lock.lockPath, owner: "wrong-owner" });
+    await releaseRefreshLock({ lockPath, owner: "wrong-owner" });
 
-    await expect(fs.stat(lock.lockPath)).resolves.toBeTruthy();
+    await expect(fs.stat(lockPath)).resolves.toBeTruthy();
 
     await releaseRefreshLock(lock);
-    await expect(fs.stat(lock.lockPath)).rejects.toMatchObject({
+    await expect(fs.stat(lockPath)).rejects.toMatchObject({
       code: "ENOENT",
     });
   });
@@ -43,9 +46,10 @@ describe("refresh-lock", () => {
       staleMs: 10_000,
     });
     expect(first.acquired).toBe(true);
+    const firstLockPath = first.lockPath!;
 
     const old = Date.now() / 1000 - 120;
-    await fs.utimes(first.lockPath, old, old);
+    await fs.utimes(firstLockPath, old, old);
 
     const second = await acquireRefreshLock("acc-2", {
       timeoutMs: 200,
@@ -65,28 +69,51 @@ describe("refresh-lock", () => {
     const second = await acquireRefreshLock("acc-3", {
       timeoutMs: 30,
       backoffMs: 5,
-      staleMs: 60_000,
+      staleMs: DEFAULT_STALE_LOCK_MS,
     });
     expect(second.acquired).toBe(false);
 
     await releaseRefreshLock(first);
   });
 
+  it("stale reaper does NOT steal a lock held for 60s", async () => {
+    const first = await acquireRefreshLock("acc-stable-refresh", {
+      timeoutMs: DEFAULT_LOCK_TIMEOUT_MS,
+    });
+    expect(first.acquired).toBe(true);
+    expect(first.lockPath).toBeTruthy();
+    const firstLockPath = first.lockPath!;
+
+    const sixtySecondsAgo = Date.now() / 1000 - 60;
+    await fs.utimes(firstLockPath, sixtySecondsAgo, sixtySecondsAgo);
+
+    const second = await acquireRefreshLock("acc-stable-refresh", {
+      timeoutMs: 30,
+      backoffMs: 5,
+      staleMs: DEFAULT_STALE_LOCK_MS,
+    });
+    expect(second.acquired).toBe(false);
+
+    await expect(fs.stat(firstLockPath)).resolves.toBeTruthy();
+    await releaseRefreshLock(first);
+  });
+
   it("does not release when inode changed even if owner matches", async () => {
     const first = await acquireRefreshLock("acc-4");
     expect(first.acquired).toBe(true);
+    const firstLockPath = first.lockPath!;
 
     // Replace lock file with a new inode that reuses owner text.
-    await fs.unlink(first.lockPath);
-    await fs.writeFile(first.lockPath, JSON.stringify({ owner: first.owner, createdAt: Date.now() }), {
+    await fs.unlink(firstLockPath);
+    await fs.writeFile(firstLockPath, JSON.stringify({ owner: first.owner, createdAt: Date.now() }), {
       encoding: "utf-8",
       mode: 0o600,
     });
 
     await releaseRefreshLock(first);
 
-    await expect(fs.stat(first.lockPath)).resolves.toBeTruthy();
+    await expect(fs.stat(firstLockPath)).resolves.toBeTruthy();
 
-    await fs.unlink(first.lockPath);
+    await fs.unlink(firstLockPath);
   });
 });

package/src/refresh-lock.ts

@@ -3,9 +3,9 @@ import { promises as fs } from "node:fs";
 import { dirname, join } from "node:path";
 import { getStoragePath } from "./storage.js";
 
-const DEFAULT_LOCK_TIMEOUT_MS = 2_000;
+const DEFAULT_LOCK_TIMEOUT_MS = 15_000;
 const DEFAULT_LOCK_BACKOFF_MS = 50;
-const DEFAULT_STALE_LOCK_MS = 20_000;
+const DEFAULT_STALE_LOCK_MS = 90_000;
 
 function delay(ms: number): Promise<void> {
   return new Promise((resolve) => setTimeout(resolve, ms));

package/src/request/body.history.test.ts

@@ -0,0 +1,398 @@
+// ---------------------------------------------------------------------------
+// Body transformation tests - TDD RED phase
+// Tests for tool name drift defense and body handling edge cases
+// ---------------------------------------------------------------------------
+
+import { describe, it, expect, vi } from "vitest";
+import {
+  transformRequestBody,
+  validateBodyType,
+  cloneBodyForRetry,
+  detectDoublePrefix,
+  extractToolNamesFromBody,
+} from "./body.js";
+import type { RuntimeContext, SignatureConfig } from "../types.js";
+
+const mockRuntime: RuntimeContext = {
+  persistentUserId: "user-123",
+  accountId: "acc-456",
+  sessionId: "sess-789",
+};
+
+const mockSignature: SignatureConfig = {
+  enabled: true,
+  claudeCliVersion: "0.2.45",
+  promptCompactionMode: "minimal",
+};
+
+describe("transformRequestBody - type validation", () => {
+  it("should reject undefined body without error", () => {
+    const result = transformRequestBody(undefined, mockSignature, mockRuntime);
+    expect(result).toBeUndefined();
+  });
+
+  it("should reject null body without error", () => {
+    const result = transformRequestBody(null as unknown as string, mockSignature, mockRuntime);
+    expect(result).toBeNull();
+  });
+
+  it("should reject non-string body with clear error", () => {
+    const invalidBodies = [123, {}, [], true, () => {}];
+
+    for (const body of invalidBodies) {
+      expect(() => transformRequestBody(body as unknown as string, mockSignature, mockRuntime)).toThrow(
+        /opencode-anthropic-auth: expected string body, got /,
+      );
+    }
+  });
+
+  it("should validate body type at runtime with descriptive error", () => {
+    const debugLog = vi.fn();
+    const body = { not: "a string" };
+
+    expect(() => transformRequestBody(body as unknown as string, mockSignature, mockRuntime, true, debugLog)).toThrow(
+      "opencode-anthropic-auth: expected string body, got object. This plugin does not support stream bodies. Please file a bug with the OpenCode version.",
+    );
+  });
+});
+
+describe("transformRequestBody - double-prefix defense", () => {
+  it("should detect and reject double-prefixed tool names (mcp_mcp_)", () => {
+    const body = JSON.stringify({
+      model: "claude-sonnet-4-20250514",
+      messages: [{ role: "user", content: "test" }],
+      tools: [
+        { name: "mcp_mcp_read_file", description: "Read a file" },
+        { name: "mcp_mcp_write_file", description: "Write a file" },
+      ],
+    });
+
+    expect(() => transformRequestBody(body, mockSignature, mockRuntime)).toThrow(
+      /Double tool prefix detected: mcp_mcp_/,
+    );
+  });
+
+  it("should detect double-prefix in tool_use blocks", () => {
+    const body = JSON.stringify({
+      model: "claude-sonnet-4-20250514",
+      messages: [
+        {
+          role: "assistant",
+          content: [{ type: "tool_use", name: "mcp_mcp_read_file", input: {} }],
+        },
+      ],
+    });
+
+    expect(() => transformRequestBody(body, mockSignature, mockRuntime)).toThrow(
+      /Double tool prefix detected in tool_use block/,
+    );
+  });
+
+  it("should double-prefix literal mcp_ tool definitions to preserve round-trip names", () => {
+    const body = JSON.stringify({
+      model: "claude-sonnet-4-20250514",
+      messages: [{ role: "user", content: "test" }],
+      tools: [{ name: "mcp_read_file", description: "Read a file" }],
+    });
+
+    const result = transformRequestBody(body, mockSignature, mockRuntime);
+    const parsed = JSON.parse(result!);
+
+    expect(parsed.tools[0].name).toBe("mcp_mcp_read_file");
+  });
+
+  it("should keep literal mcp_ tool definitions round-trip safe", () => {
+    const body = JSON.stringify({
+      model: "claude-sonnet-4-20250514",
+      tools: [
+        { name: "mcp_server1__tool1", description: "Tool 1" },
+        { name: "mcp_server2__tool2", description: "Tool 2" },
+      ],
+    });
+
+    const result = transformRequestBody(body, mockSignature, mockRuntime);
+    const parsed = JSON.parse(result!);
+
+    expect(parsed.tools[0].name).toBe("mcp_mcp_server1__tool1");
+    expect(parsed.tools[1].name).toBe("mcp_mcp_server2__tool2");
+  });
+});
+
+describe("transformRequestBody - body cloning for retries", () => {
+  it("should clone body before transformation to preserve original", () => {
+    const originalBody = JSON.stringify({
+      model: "claude-sonnet-4-20250514",
+      messages: [{ role: "user", content: "test" }],
+      tools: [{ name: "read_file", description: "Read a file" }],
+    });
+
+    const result1 = transformRequestBody(originalBody, mockSignature, mockRuntime);
+    const result2 = transformRequestBody(originalBody, mockSignature, mockRuntime);
+
+    // Both calls should produce identical results from same input
+    expect(result1).toBe(result2);
+
+    // Original should be unchanged
+    const parsedOriginal = JSON.parse(originalBody);
+    expect(parsedOriginal.tools[0].name).toBe("read_file");
+  });
+
+  it("should return empty bodies unchanged", () => {
+    expect(transformRequestBody("", mockSignature, mockRuntime)).toBe("");
+  });
+
+  it("should handle retry with same body multiple times", () => {
+    const body = JSON.stringify({
+      model: "claude-sonnet-4-20250514",
+      messages: [{ role: "user", content: "test" }],
+    });
+
+    // First attempt
+    const result1 = transformRequestBody(body, mockSignature, mockRuntime);
+    expect(result1).toBeDefined();
+
+    // Retry attempt - should work with same body
+    const result2 = transformRequestBody(body, mockSignature, mockRuntime);
+    expect(result2).toBeDefined();
+    expect(result1).toBe(result2);
+  });
+});
+
+describe("transformRequestBody - tool name handling", () => {
+  it("should add mcp_ prefix to unprefixed tool names", () => {
+    const body = JSON.stringify({
+      model: "claude-sonnet-4-20250514",
+      tools: [
+        { name: "read_file", description: "Read a file" },
+        { name: "write_file", description: "Write a file" },
+      ],
+    });
+
+    const result = transformRequestBody(body, mockSignature, mockRuntime);
+    const parsed = JSON.parse(result!);
+
+    expect(parsed.tools[0].name).toBe("mcp_read_file");
+    expect(parsed.tools[1].name).toBe("mcp_write_file");
+  });
+
+  it("should handle historical tool_use.name with prefix correctly", () => {
+    const body = JSON.stringify({
+      model: "claude-sonnet-4-20250514",
+      messages: [
+        {
+          role: "assistant",
+          content: [{ type: "tool_use", name: "mcp_read_file", input: { path: "/test" } }],
+        },
+      ],
+    });
+
+    const result = transformRequestBody(body, mockSignature, mockRuntime);
+    const parsed = JSON.parse(result!);
+
+    // Should preserve the prefixed name in historical context
+    expect(parsed.messages[0].content[0].name).toBe("mcp_read_file");
+  });
+
+  it("should handle mixed prefixed and unprefixed tools", () => {
+    const body = JSON.stringify({
+      model: "claude-sonnet-4-20250514",
+      tools: [
+        { name: "read_file", description: "Read" },
+        { name: "mcp_existing_tool", description: "Existing" },
+        { name: "write_file", description: "Write" },
+      ],
+    });
+
+    const result = transformRequestBody(body, mockSignature, mockRuntime);
+    const parsed = JSON.parse(result!);
+
+    expect(parsed.tools[0].name).toBe("mcp_read_file");
+    expect(parsed.tools[1].name).toBe("mcp_mcp_existing_tool");
+    expect(parsed.tools[2].name).toBe("mcp_write_file");
+  });
+});
+
+describe("transformRequestBody - structure preservation", () => {
+  it("should preserve all non-tool fields during transformation", () => {
+    const body = JSON.stringify({
+      model: "claude-sonnet-4-20250514",
+      max_tokens: 4096,
+      temperature: 0.7,
+      system: [{ type: "text", text: "You are helpful" }],
+      messages: [
+        { role: "user", content: "Hello" },
+        { role: "assistant", content: "Hi there" },
+      ],
+      metadata: { user_id: "test-user" },
+    });
+
+    const result = transformRequestBody(body, mockSignature, mockRuntime);
+    const parsed = JSON.parse(result!);
+
+    expect(parsed.model).toBe("claude-sonnet-4-20250514");
+    expect(parsed.max_tokens).toBe(4096);
+    expect(parsed.temperature).toBe(0.7);
+    expect(parsed.system.some((block: { text?: string }) => block.text === "You are helpful")).toBe(true);
+    expect(parsed.messages).toHaveLength(2);
+    expect(parsed.metadata.user_id).toContain('"device_id":"user-123"');
+    expect(parsed.metadata.user_id).toContain('"account_uuid":"acc-456"');
+    expect(parsed.metadata.user_id).toContain('"session_id":"sess-789"');
+  });
+
+  it("should handle request with body in input correctly", () => {
+    const body = JSON.stringify({
+      model: "claude-sonnet-4-20250514",
+      messages: [
+        {
+          role: "user",
+          content: [
+            { type: "text", text: "Process this" },
+            {
+              type: "tool_result",
+              tool_use_id: "tool_123",
+              content: "some result",
+            },
+          ],
+        },
+      ],
+    });
+
+    const result = transformRequestBody(body, mockSignature, mockRuntime);
+    const parsed = JSON.parse(result!);
+
+    expect(parsed.messages[0].content).toHaveLength(2);
+    expect(parsed.messages[0].content[0].type).toBe("text");
+    expect(parsed.messages[0].content[1].type).toBe("tool_result");
+  });
+
+  it("should preserve nested structures in tool input", () => {
+    const body = JSON.stringify({
+      model: "claude-sonnet-4-20250514",
+      messages: [
+        {
+          role: "assistant",
+          content: [
+            {
+              type: "tool_use",
+              name: "complex_tool",
+              input: {
+                nested: {
+                  deep: {
+                    value: "test",
+                    array: [1, 2, 3],
+                  },
+                },
+              },
+            },
+          ],
+        },
+      ],
+    });
+
+    const result = transformRequestBody(body, mockSignature, mockRuntime);
+    const parsed = JSON.parse(result!);
+
+    const toolUse = parsed.messages[0].content[0];
+    expect(toolUse.input.nested.deep.value).toBe("test");
+    expect(toolUse.input.nested.deep.array).toEqual([1, 2, 3]);
+  });
+});
+
+describe("validateBodyType", () => {
+  it("should return true for valid string body", () => {
+    expect(validateBodyType('{"test": true}')).toBe(true);
+  });
+
+  it("should return false for undefined", () => {
+    expect(validateBodyType(undefined)).toBe(false);
+  });
+
+  it("should return false for null", () => {
+    expect(validateBodyType(null as unknown as string)).toBe(false);
+  });
+
+  it("should return false for non-string types", () => {
+    expect(validateBodyType(123 as unknown as string)).toBe(false);
+    expect(validateBodyType({} as unknown as string)).toBe(false);
+    expect(validateBodyType([] as unknown as string)).toBe(false);
+  });
+
+  it("should throw with descriptive message when throwOnInvalid is true", () => {
+    expect(() => validateBodyType(123 as unknown as string, true)).toThrow(
+      "opencode-anthropic-auth: expected string body, got number. This plugin does not support stream bodies. Please file a bug with the OpenCode version.",
+    );
+  });
+});
+
+describe("cloneBodyForRetry", () => {
+  it("should return the same string value for retry", () => {
+    const original = '{"test": true}';
+    const cloned = cloneBodyForRetry(original);
+
+    expect(cloned).toBe(original);
+  });
+
+  it("should allow empty string bodies", () => {
+    expect(() => cloneBodyForRetry("")).not.toThrow();
+  });
+
+  it("should handle empty but valid body", () => {
+    expect(() => cloneBodyForRetry("{}")).not.toThrow();
+  });
+});
+
+describe("detectDoublePrefix", () => {
+  it("should detect mcp_mcp_ prefix", () => {
+    expect(detectDoublePrefix("mcp_mcp_read_file")).toBe(true);
+  });
+
+  it("should not detect single mcp_ prefix", () => {
+    expect(detectDoublePrefix("mcp_read_file")).toBe(false);
+  });
+
+  it("should not detect unprefixed names", () => {
+    expect(detectDoublePrefix("read_file")).toBe(false);
+  });
+
+  it("should detect triple prefix", () => {
+    expect(detectDoublePrefix("mcp_mcp_mcp_read_file")).toBe(true);
+  });
+});
+
+describe("extractToolNamesFromBody", () => {
+  it("should extract tool names from tools array", () => {
+    const body = JSON.stringify({
+      tools: [{ name: "tool1" }, { name: "tool2" }],
+    });
+
+    const names = extractToolNamesFromBody(body);
+    expect(names).toEqual(["tool1", "tool2"]);
+  });
+
+  it("should extract tool names from tool_use blocks", () => {
+    const body = JSON.stringify({
+      messages: [
+        {
+          content: [
+            { type: "tool_use", name: "tool1" },
+            { type: "text", text: "hello" },
+            { type: "tool_use", name: "tool2" },
+          ],
+        },
+      ],
+    });
+
+    const names = extractToolNamesFromBody(body);
+    expect(names).toEqual(["tool1", "tool2"]);
+  });
+
+  it("should return empty array for body without tools", () => {
+    const body = JSON.stringify({ messages: [] });
+    const names = extractToolNamesFromBody(body);
+    expect(names).toEqual([]);
+  });
+
+  it("should throw for invalid JSON", () => {
+    expect(() => extractToolNamesFromBody("not json")).toThrow();
+  });
+});