@vacbo/opencode-anthropic-fix 0.1.4 → 0.1.6

package/src/backoff.ts

@@ -4,6 +4,26 @@ const QUOTA_EXHAUSTED_BACKOFFS = [60_000, 300_000, 1_800_000, 7_200_000];
 const AUTH_FAILED_BACKOFF = 5_000;
 const RATE_LIMIT_EXCEEDED_BACKOFF = 30_000;
 const MIN_BACKOFF_MS = 2_000;
+const RETRIABLE_NETWORK_ERROR_CODES = new Set(["ECONNRESET", "ECONNREFUSED", "EPIPE", "ETIMEDOUT", "UND_ERR_SOCKET"]);
+const NON_RETRIABLE_ERROR_NAMES = new Set(["AbortError", "TimeoutError", "APIUserAbortError"]);
+const RETRIABLE_NETWORK_ERROR_MESSAGES = [
+  "bun proxy upstream error",
+  "connection reset by peer",
+  "connection reset by server",
+  "econnreset",
+  "econnrefused",
+  "epipe",
+  "etimedout",
+  "fetch failed",
+  "network connection lost",
+  "socket hang up",
+  "und_err_socket",
+];
+
+interface ErrorWithCode extends Error {
+  code?: string;
+  cause?: unknown;
+}
 
 /**
  * Parse the Retry-After header from a response.
@@ -132,6 +152,69 @@ function bodyHasAccountError(body: string | object | null | undefined): boolean
   );
 }
 
+function collectErrorChain(error: unknown): ErrorWithCode[] {
+  const queue: unknown[] = [error];
+  const visited = new Set<unknown>();
+  const chain: ErrorWithCode[] = [];
+
+  while (queue.length > 0) {
+    const candidate = queue.shift();
+    if (candidate == null || visited.has(candidate)) {
+      continue;
+    }
+
+    visited.add(candidate);
+
+    if (candidate instanceof Error) {
+      const typedCandidate = candidate as ErrorWithCode;
+      chain.push(typedCandidate);
+      if (typedCandidate.cause !== undefined) {
+        queue.push(typedCandidate.cause);
+      }
+      continue;
+    }
+
+    if (typeof candidate === "object" && "cause" in candidate) {
+      queue.push((candidate as { cause?: unknown }).cause);
+    }
+  }
+
+  return chain;
+}
+
+/**
+ * Check whether an error represents a transient transport/network failure.
+ */
+export function isRetriableNetworkError(error: unknown): boolean {
+  if (typeof error === "string") {
+    const text = error.toLowerCase();
+    return RETRIABLE_NETWORK_ERROR_MESSAGES.some((signal) => text.includes(signal));
+  }
+
+  const chain = collectErrorChain(error);
+  if (chain.length === 0) {
+    return false;
+  }
+
+  for (const candidate of chain) {
+    if (NON_RETRIABLE_ERROR_NAMES.has(candidate.name)) {
+      return false;
+    }
+
+    const code = candidate.code?.toUpperCase();
+    if (code && RETRIABLE_NETWORK_ERROR_CODES.has(code)) {
+      return true;
+    }
+
+    const message = candidate.message.toLowerCase();
+    if (RETRIABLE_NETWORK_ERROR_MESSAGES.some((signal) => message.includes(signal))) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
 /**
  * Check whether an HTTP response represents an account-specific error
  * that would benefit from switching to a different account.

package/src/bun-fetch.test.ts

@@ -379,3 +379,106 @@ describe("createBunFetch runtime lifecycle (RED until T20)", () => {
     expect(proxyA.child.killSignals).toEqual([]);
   });
 });
+
+describe("createBunFetch debug request dumping", () => {
+  const UNIQUE_REQUEST_PATTERN =
+    /^\/tmp\/opencode-request-\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}-\d{3}Z-[0-9a-f]{8}\.json$/;
+  const UNIQUE_HEADERS_PATTERN =
+    /^\/tmp\/opencode-headers-\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}-\d{3}Z-[0-9a-f]{8}\.json$/;
+  const LATEST_REQUEST_PATH = "/tmp/opencode-last-request.json";
+  const LATEST_HEADERS_PATH = "/tmp/opencode-last-headers.json";
+
+  function writtenPaths(): string[] {
+    return writeFileSyncMock.mock.calls.map((call) => String(call[0]));
+  }
+
+  it("writes a uniquely-named request file AND a latest-alias file when debug=true", async () => {
+    const proxy = createMockBunProxy();
+    spawnMock.mockImplementation(proxy.mockSpawn);
+    installMockFetch();
+
+    const moduleNs = await loadBunFetchModule();
+    const createBunFetch = getCreateBunFetch(moduleNs);
+    const instance = createBunFetch({ debug: true });
+
+    proxy.simulateStdoutBanner(42001);
+
+    await instance.fetch("https://api.anthropic.com/v1/messages?beta=true", {
+      method: "POST",
+      body: JSON.stringify({ hello: "world" }),
+    });
+
+    const paths = writtenPaths();
+    const uniqueRequest = paths.find((path) => UNIQUE_REQUEST_PATTERN.test(path));
+    const uniqueHeaders = paths.find((path) => UNIQUE_HEADERS_PATTERN.test(path));
+
+    expect(uniqueRequest, "expected a uniquely-named request dump").toBeDefined();
+    expect(uniqueHeaders, "expected a uniquely-named headers dump").toBeDefined();
+    expect(paths).toContain(LATEST_REQUEST_PATH);
+    expect(paths).toContain(LATEST_HEADERS_PATH);
+  });
+
+  it("produces a different unique path for each sequential debug request", async () => {
+    const proxy = createMockBunProxy();
+    spawnMock.mockImplementation(proxy.mockSpawn);
+    installMockFetch();
+
+    const moduleNs = await loadBunFetchModule();
+    const createBunFetch = getCreateBunFetch(moduleNs);
+    const instance = createBunFetch({ debug: true });
+
+    proxy.simulateStdoutBanner(42002);
+
+    await instance.fetch("https://api.anthropic.com/v1/messages?beta=true", {
+      method: "POST",
+      body: JSON.stringify({ n: 1 }),
+    });
+    await instance.fetch("https://api.anthropic.com/v1/messages?beta=true", {
+      method: "POST",
+      body: JSON.stringify({ n: 2 }),
+    });
+
+    const uniquePaths = writtenPaths().filter((path) => UNIQUE_REQUEST_PATTERN.test(path));
+
+    expect(uniquePaths).toHaveLength(2);
+    expect(uniquePaths[0]).not.toBe(uniquePaths[1]);
+  });
+
+  it("does not dump any artifact for count_tokens requests even when debug=true", async () => {
+    const proxy = createMockBunProxy();
+    spawnMock.mockImplementation(proxy.mockSpawn);
+    installMockFetch();
+
+    const moduleNs = await loadBunFetchModule();
+    const createBunFetch = getCreateBunFetch(moduleNs);
+    const instance = createBunFetch({ debug: true });
+
+    proxy.simulateStdoutBanner(42003);
+
+    await instance.fetch("https://api.anthropic.com/v1/messages/count_tokens", {
+      method: "POST",
+      body: JSON.stringify({ hello: "world" }),
+    });
+
+    expect(writeFileSyncMock).not.toHaveBeenCalled();
+  });
+
+  it("does not dump any artifact when debug=false", async () => {
+    const proxy = createMockBunProxy();
+    spawnMock.mockImplementation(proxy.mockSpawn);
+    installMockFetch();
+
+    const moduleNs = await loadBunFetchModule();
+    const createBunFetch = getCreateBunFetch(moduleNs);
+    const instance = createBunFetch({ debug: false });
+
+    proxy.simulateStdoutBanner(42004);
+
+    await instance.fetch("https://api.anthropic.com/v1/messages?beta=true", {
+      method: "POST",
+      body: JSON.stringify({ hello: "world" }),
+    });
+
+    expect(writeFileSyncMock).not.toHaveBeenCalled();
+  });
+});

package/src/bun-fetch.ts

@@ -1,4 +1,5 @@
 import { execFileSync, spawn, type ChildProcess } from "node:child_process";
+import { randomUUID } from "node:crypto";
 import { existsSync } from "node:fs";
 import { dirname, join } from "node:path";
 import * as readline from "node:readline";
@@ -119,23 +120,52 @@ function buildProxyRequestInit(input: FetchInput, init?: RequestInit): RequestIn
   };
 }
 
-async function writeDebugArtifacts(url: string, init: RequestInit): Promise<void> {
+const DEBUG_DUMP_DIR = "/tmp";
+const DEBUG_LATEST_REQUEST_PATH = `${DEBUG_DUMP_DIR}/opencode-last-request.json`;
+const DEBUG_LATEST_HEADERS_PATH = `${DEBUG_DUMP_DIR}/opencode-last-headers.json`;
+
+interface DebugDumpPaths {
+  requestPath: string;
+  headersPath: string;
+  latestRequestPath: string;
+  latestHeadersPath: string;
+}
+
+function makeDebugDumpId(): string {
+  const filesystemSafeTimestamp = new Date().toISOString().replace(/[:.]/g, "-");
+  const subMillisecondCollisionGuard = randomUUID().slice(0, 8);
+  return `${filesystemSafeTimestamp}-${subMillisecondCollisionGuard}`;
+}
+
+async function writeDebugArtifacts(url: string, init: RequestInit): Promise<DebugDumpPaths | null> {
   if (!init.body || !url.includes("/v1/messages") || url.includes("count_tokens")) {
-    return;
+    return null;
   }
 
   const { writeFileSync } = await import("node:fs");
-  writeFileSync(
-    "/tmp/opencode-last-request.json",
-    typeof init.body === "string" ? init.body : JSON.stringify(init.body),
-  );
+  const id = makeDebugDumpId();
+  const requestPath = `${DEBUG_DUMP_DIR}/opencode-request-${id}.json`;
+  const headersPath = `${DEBUG_DUMP_DIR}/opencode-headers-${id}.json`;
+
+  const bodyText = typeof init.body === "string" ? init.body : JSON.stringify(init.body);
 
   const logHeaders: Record<string, string> = {};
   toHeaders(init.headers).forEach((value, key) => {
     logHeaders[key] = key === "authorization" ? "Bearer ***" : value;
   });
+  const headersText = JSON.stringify(logHeaders, null, 2);
+
+  writeFileSync(requestPath, bodyText);
+  writeFileSync(headersPath, headersText);
+  writeFileSync(DEBUG_LATEST_REQUEST_PATH, bodyText);
+  writeFileSync(DEBUG_LATEST_HEADERS_PATH, headersText);
 
-  writeFileSync("/tmp/opencode-last-headers.json", JSON.stringify(logHeaders, null, 2));
+  return {
+    requestPath,
+    headersPath,
+    latestRequestPath: DEBUG_LATEST_REQUEST_PATH,
+    latestHeadersPath: DEBUG_LATEST_HEADERS_PATH,
+  };
 }
 
 export function createBunFetch(options: BunFetchOptions = {}): BunFetchInstance {
@@ -400,10 +430,12 @@ export function createBunFetch(options: BunFetchOptions = {}): BunFetchInstance
 
       if (resolveDebug(debugOverride)) {
         try {
-          await writeDebugArtifacts(url, init ?? {});
-          if ((init?.body ?? null) !== null && url.includes("/v1/messages") && !url.includes("count_tokens")) {
+          const dumped = await writeDebugArtifacts(url, init ?? {});
+          if (dumped) {
             // eslint-disable-next-line no-console -- debug-gated diagnostic; confirms request artifact dump location
-            console.error("[opencode-anthropic-auth] Dumped request to /tmp/opencode-last-request.json");
+            console.error(
+              `[opencode-anthropic-auth] Dumped request to ${dumped.requestPath} (latest alias: ${dumped.latestRequestPath})`,
+            );
           }
         } catch (error) {
           // eslint-disable-next-line no-console -- error-path diagnostic surfaced to stderr for operator visibility

package/src/bun-proxy.test.ts

@@ -0,0 +1,37 @@
+import { describe, expect, it, vi } from "vitest";
+
+import { createProxyRequestHandler } from "./bun-proxy.js";
+
+function makeProxyRequest(headers?: HeadersInit): Request {
+  const requestHeaders = new Headers(headers);
+  requestHeaders.set("x-proxy-url", "https://api.anthropic.com/v1/messages");
+  requestHeaders.set("content-type", "application/json");
+
+  return new Request("http://127.0.0.1/proxy", {
+    method: "POST",
+    headers: requestHeaders,
+    body: JSON.stringify({ ok: true }),
+  });
+}
+
+describe("createProxyRequestHandler", () => {
+  it("forwards retry requests with keepalive disabled to the upstream fetch", async () => {
+    const upstreamFetch = vi.fn(async (_input, init?: RequestInit) => {
+      expect(init?.keepalive).toBe(false);
+      const forwardedHeaders = init?.headers instanceof Headers ? init.headers : new Headers(init?.headers);
+      expect(forwardedHeaders.get("connection")).toBe("close");
+      expect(forwardedHeaders.get("x-proxy-disable-keepalive")).toBeNull();
+      return new Response("ok", { status: 200 });
+    });
+    const handler = createProxyRequestHandler({
+      fetchImpl: upstreamFetch as typeof fetch,
+      allowHosts: ["api.anthropic.com"],
+      requestTimeoutMs: 50,
+    });
+
+    const response = await handler(makeProxyRequest({ "x-proxy-disable-keepalive": "true" }));
+
+    await expect(response.text()).resolves.toBe("ok");
+    expect(upstreamFetch).toHaveBeenCalledTimes(1);
+  });
+});

package/src/bun-proxy.ts

@@ -8,6 +8,7 @@ const DEFAULT_REQUEST_TIMEOUT_MS = 600_000;
 const DEFAULT_PARENT_EXIT_CODE = 1;
 const DEFAULT_PARENT_POLL_INTERVAL_MS = 5_000;
 const HEALTH_PATH = "/__health";
+const PROXY_DISABLE_KEEPALIVE_HEADER = "x-proxy-disable-keepalive";
 const DEBUG_ENABLED = process.env.OPENCODE_ANTHROPIC_DEBUG === "1";
 
 interface ProxyRequestHandlerOptions {
@@ -85,11 +86,16 @@ function createDefaultParentWatcherFactory(): ParentWatcherFactory {
     });
 }
 
-function sanitizeForwardHeaders(source: Headers): Headers {
+function sanitizeForwardHeaders(source: Headers, forceFreshConnection = false): Headers {
   const headers = new Headers(source);
-  ["x-proxy-url", "host", "connection", "content-length"].forEach((headerName) => {
+  [PROXY_DISABLE_KEEPALIVE_HEADER, "x-proxy-url", "host", "connection", "content-length"].forEach((headerName) => {
     headers.delete(headerName);
   });
+
+  if (forceFreshConnection) {
+    headers.set("connection", "close");
+  }
+
   return headers;
 }
 
@@ -161,11 +167,13 @@ async function createUpstreamInit(req: Request, signal: AbortSignal): Promise<Re
   const method = req.method || "GET";
   const hasBody = method !== "GET" && method !== "HEAD";
   const bodyText = hasBody ? await req.text() : "";
+  const forceFreshConnection = req.headers.get(PROXY_DISABLE_KEEPALIVE_HEADER) === "true";
 
   return {
     method,
-    headers: sanitizeForwardHeaders(req.headers),
+    headers: sanitizeForwardHeaders(req.headers, forceFreshConnection),
     signal,
+    ...(forceFreshConnection ? { keepalive: false } : {}),
     ...(hasBody && bodyText.length > 0 ? { body: bodyText } : {}),
   };
 }

package/src/drift/cch-constants.ts

@@ -0,0 +1,133 @@
+export const EXPECTED_CCH_PLACEHOLDER = "00000";
+export const EXPECTED_CCH_SALT = "59cf53e54c78";
+export const EXPECTED_CCH_SEED = 0x6e52_736a_c806_831en;
+
+export const EXPECTED_XXHASH64_PRIMES = [
+  0x9e37_79b1_85eb_ca87n,
+  0xc2b2_ae3d_27d4_eb4fn,
+  0x1656_67b1_9e37_79f9n,
+  0x85eb_ca77_c2b2_ae63n,
+  0x27d4_eb2f_1656_67c5n,
+] as const;
+
+export type DriftSeverity = "critical" | "warning";
+
+export interface DriftFinding {
+  name: string;
+  severity: DriftSeverity;
+  expected: string;
+  actual: string;
+  count: number;
+}
+
+export interface DriftScanReport {
+  target: string;
+  mode: "standalone" | "bundle";
+  findings: DriftFinding[];
+  checked: {
+    placeholder: number;
+    salt: number;
+    seed: number;
+    primes: number[];
+  };
+  passed: boolean;
+}
+
+function encodeAscii(value: string): Uint8Array {
+  return new TextEncoder().encode(value);
+}
+
+export function bigintToLittleEndianBytes(value: bigint): Uint8Array {
+  const bytes = new Uint8Array(8);
+  let remaining = value;
+  for (let index = 0; index < bytes.length; index += 1) {
+    bytes[index] = Number(remaining & 0xffn);
+    remaining >>= 8n;
+  }
+  return bytes;
+}
+
+export function findAllOccurrences(haystack: Uint8Array, needle: Uint8Array): number[] {
+  if (needle.length === 0 || haystack.length < needle.length) {
+    return [];
+  }
+
+  const matches: number[] = [];
+  outer: for (let start = 0; start <= haystack.length - needle.length; start += 1) {
+    for (let offset = 0; offset < needle.length; offset += 1) {
+      if (haystack[start + offset] !== needle[offset]) {
+        continue outer;
+      }
+    }
+    matches.push(start);
+  }
+  return matches;
+}
+
+function addFinding(
+  findings: DriftFinding[],
+  count: number,
+  name: string,
+  severity: DriftSeverity,
+  expected: string,
+  actual: string,
+): void {
+  if (count > 0) {
+    return;
+  }
+  findings.push({ name, severity, expected, actual, count });
+}
+
+export function scanCchConstants(bytes: Uint8Array, target: string, mode: "standalone" | "bundle"): DriftScanReport {
+  const placeholderMatches = findAllOccurrences(bytes, encodeAscii(`cch=${EXPECTED_CCH_PLACEHOLDER}`));
+  const saltMatches = findAllOccurrences(bytes, encodeAscii(EXPECTED_CCH_SALT));
+  const seedMatches = findAllOccurrences(bytes, bigintToLittleEndianBytes(EXPECTED_CCH_SEED));
+  const primeMatches = EXPECTED_XXHASH64_PRIMES.map(
+    (prime) => findAllOccurrences(bytes, bigintToLittleEndianBytes(prime)).length,
+  );
+
+  const findings: DriftFinding[] = [];
+  addFinding(
+    findings,
+    placeholderMatches.length,
+    "cch placeholder",
+    "critical",
+    `cch=${EXPECTED_CCH_PLACEHOLDER}`,
+    "not found",
+  );
+  addFinding(findings, saltMatches.length, "cc_version salt", "critical", EXPECTED_CCH_SALT, "not found");
+
+  if (mode === "standalone") {
+    addFinding(
+      findings,
+      seedMatches.length,
+      "native cch seed",
+      "critical",
+      `0x${EXPECTED_CCH_SEED.toString(16)}`,
+      "not found",
+    );
+    for (const [index, count] of primeMatches.entries()) {
+      addFinding(
+        findings,
+        count,
+        `xxHash64 prime ${index + 1}`,
+        "warning",
+        `0x${EXPECTED_XXHASH64_PRIMES[index].toString(16)}`,
+        "not found",
+      );
+    }
+  }
+
+  return {
+    target,
+    mode,
+    findings,
+    checked: {
+      placeholder: placeholderMatches.length,
+      salt: saltMatches.length,
+      seed: seedMatches.length,
+      primes: primeMatches,
+    },
+    passed: findings.length === 0,
+  };
+}

package/src/headers/billing.ts

@@ -1,12 +1,14 @@
 import { createHash } from "node:crypto";
+import { CCH_PLACEHOLDER } from "./cch.js";
 import { isFalsyEnv } from "../env.js";
 
 export function buildAnthropicBillingHeader(claudeCliVersion: string, messages: unknown[]): string {
   if (isFalsyEnv(process.env.CLAUDE_CODE_ATTRIBUTION_HEADER)) return "";
 
-  // CC derives a 3-char hash from the first user message content using SHA-256
-  // with salt "59cf53e54c78", extracting chars at positions [4,7,20] and appending
-  // the CLI version, then taking the first 3 hex chars of that combined string.
+  // CC derives the 3-char cc_version suffix from the first user message using
+  // SHA-256 with salt "59cf53e54c78" and positions [4,7,20]. The cch field is
+  // emitted here as the literal placeholder "00000" and replaced later, after
+  // full-body serialization, by replaceNativeStyleCch() in src/headers/cch.ts.
   let versionSuffix = "";
   if (Array.isArray(messages)) {
     // Find first user message (CC uses first non-meta user turn)
@@ -38,34 +40,5 @@ export function buildAnthropicBillingHeader(claudeCliVersion: string, messages:
 
   const entrypoint = process.env.CLAUDE_CODE_ENTRYPOINT ?? "cli";
 
-  // ---------------------------------------------------------------------------
-  // Billing header construction — mimics CC's mk_() function with two deliberate gaps:
-  // 1. cc_workload field: CC tracks this via AsyncLocalStorage for session-level
-  //    workload attribution. Not applicable to the plugin (no workload tracking).
-  //    See .omc/research/cch-source-analysis.md:124-131
-  // 2. cch value: CC uses placeholder "00000". Plugin computes a deterministic hash
-  //    from prompt content for consistent routing. See cch-source-analysis.md:28-39
-  // ---------------------------------------------------------------------------
-
-  // CC's Bun binary computes a 5-char hex attestation hash via Attestation.zig
-  // and overwrites the "00000" placeholder before sending. On Node.js (npm CC)
-  // the placeholder is sent as-is. The server may reject literal "00000" and
-  // route to extra usage. Generate a body-derived 5-char hex hash to mimic
-  // the attestation without the Zig layer.
-  let cchValue: string;
-  if (Array.isArray(messages) && messages.length > 0) {
-    const bodyHint = JSON.stringify(messages).slice(0, 512);
-    const cchHash = createHash("sha256")
-      .update(bodyHint + claudeCliVersion + Date.now().toString(36))
-      .digest("hex");
-    cchValue = cchHash.slice(0, 5);
-  } else {
-    // Fallback: random 5-char hex
-    const buf = createHash("sha256")
-      .update(Date.now().toString(36) + Math.random().toString(36))
-      .digest("hex");
-    cchValue = buf.slice(0, 5);
-  }
-
-  return `x-anthropic-billing-header: cc_version=${claudeCliVersion}${versionSuffix}; cc_entrypoint=${entrypoint}; cch=${cchValue};`;
+  return `x-anthropic-billing-header: cc_version=${claudeCliVersion}${versionSuffix}; cc_entrypoint=${entrypoint}; cch=${CCH_PLACEHOLDER};`;
 }

package/src/headers/cch.ts

@@ -0,0 +1,120 @@
+const MASK64 = 0xffff_ffff_ffff_ffffn;
+const CCH_MASK = 0x0f_ffffn;
+const PRIME1 = 0x9e37_79b1_85eb_ca87n;
+const PRIME2 = 0xc2b2_ae3d_27d4_eb4fn;
+const PRIME3 = 0x1656_67b1_9e37_79f9n;
+const PRIME4 = 0x85eb_ca77_c2b2_ae63n;
+const PRIME5 = 0x27d4_eb2f_1656_67c5n;
+const CCH_FIELD_PREFIX = "cch=";
+
+export const CCH_PLACEHOLDER = "00000";
+export const CCH_SEED = 0x6e52_736a_c806_831en;
+
+const encoder = new TextEncoder();
+
+function toUint64(value: bigint): bigint {
+  return value & MASK64;
+}
+
+function rotateLeft64(value: bigint, bits: number): bigint {
+  const shift = BigInt(bits);
+  return toUint64((value << shift) | (value >> (64n - shift)));
+}
+
+function readUint32LE(view: DataView, offset: number): bigint {
+  return BigInt(view.getUint32(offset, true));
+}
+
+function readUint64LE(view: DataView, offset: number): bigint {
+  return view.getBigUint64(offset, true);
+}
+
+function round64(acc: bigint, input: bigint): bigint {
+  const mixed = toUint64(acc + toUint64(input * PRIME2));
+  return toUint64(rotateLeft64(mixed, 31) * PRIME1);
+}
+
+function mergeRound64(acc: bigint, value: bigint): bigint {
+  const mixed = acc ^ round64(0n, value);
+  return toUint64(toUint64(mixed) * PRIME1 + PRIME4);
+}
+
+function avalanche64(hash: bigint): bigint {
+  let mixed = hash ^ (hash >> 33n);
+  mixed = toUint64(mixed * PRIME2);
+  mixed ^= mixed >> 29n;
+  mixed = toUint64(mixed * PRIME3);
+  mixed ^= mixed >> 32n;
+  return toUint64(mixed);
+}
+
+export function xxHash64(input: Uint8Array, seed: bigint = CCH_SEED): bigint {
+  const view = new DataView(input.buffer, input.byteOffset, input.byteLength);
+  const length = input.byteLength;
+  let offset = 0;
+  let hash: bigint;
+
+  if (length >= 32) {
+    let v1 = toUint64(seed + PRIME1 + PRIME2);
+    let v2 = toUint64(seed + PRIME2);
+    let v3 = toUint64(seed);
+    let v4 = toUint64(seed - PRIME1);
+
+    while (offset <= length - 32) {
+      v1 = round64(v1, readUint64LE(view, offset));
+      v2 = round64(v2, readUint64LE(view, offset + 8));
+      v3 = round64(v3, readUint64LE(view, offset + 16));
+      v4 = round64(v4, readUint64LE(view, offset + 24));
+      offset += 32;
+    }
+
+    hash = toUint64(rotateLeft64(v1, 1) + rotateLeft64(v2, 7) + rotateLeft64(v3, 12) + rotateLeft64(v4, 18));
+    hash = mergeRound64(hash, v1);
+    hash = mergeRound64(hash, v2);
+    hash = mergeRound64(hash, v3);
+    hash = mergeRound64(hash, v4);
+  } else {
+    hash = toUint64(seed + PRIME5);
+  }
+
+  hash = toUint64(hash + BigInt(length));
+
+  while (offset <= length - 8) {
+    const lane = round64(0n, readUint64LE(view, offset));
+    hash ^= lane;
+    hash = toUint64(rotateLeft64(hash, 27) * PRIME1 + PRIME4);
+    offset += 8;
+  }
+
+  if (offset <= length - 4) {
+    hash ^= toUint64(readUint32LE(view, offset) * PRIME1);
+    hash = toUint64(rotateLeft64(hash, 23) * PRIME2 + PRIME3);
+    offset += 4;
+  }
+
+  while (offset < length) {
+    hash ^= toUint64(BigInt(view.getUint8(offset)) * PRIME5);
+    hash = toUint64(rotateLeft64(hash, 11) * PRIME1);
+    offset += 1;
+  }
+
+  return avalanche64(hash);
+}
+
+export function computeNativeStyleCch(serializedBody: string): string {
+  const hash = xxHash64(encoder.encode(serializedBody), CCH_SEED);
+  return (hash & CCH_MASK).toString(16).padStart(5, "0");
+}
+
+export function replaceNativeStyleCch(serializedBody: string): string {
+  const sentinel = `${CCH_FIELD_PREFIX}${CCH_PLACEHOLDER}`;
+  const fieldIndex = serializedBody.indexOf(sentinel);
+  if (fieldIndex === -1) {
+    return serializedBody;
+  }
+
+  const valueStart = fieldIndex + CCH_FIELD_PREFIX.length;
+  const valueEnd = valueStart + CCH_PLACEHOLDER.length;
+  const cch = computeNativeStyleCch(serializedBody);
+  return `${serializedBody.slice(0, valueStart)}${cch}${serializedBody.slice(valueEnd)}`;
+}