ai-cc-router 0.1.0

package/dist/cli/cmd-status.js

@@ -0,0 +1,46 @@
+import chalk from "chalk";
+import { PROXY_PORT } from "../config/paths.js";
+export function registerStatus(program) {
+    program
+        .command("status")
+        .description("Live dashboard: account health, request counts, recent routing log")
+        .option("--port <port>", "Proxy port to connect to", String(PROXY_PORT))
+        .option("--json", "Output current stats as JSON and exit (non-interactive)")
+        .action(async (opts) => {
+        const port = parseInt(opts.port, 10);
+        if (opts.json) {
+            await jsonOutput(port);
+            return;
+        }
+        await launchDashboard(port);
+    });
+}
+async function jsonOutput(port) {
+    try {
+        const res = await fetch(`http://localhost:${port}/cc-router/health`, {
+            signal: AbortSignal.timeout(2_000),
+        });
+        if (!res.ok) {
+            console.error(chalk.red(`Proxy returned HTTP ${res.status}`));
+            process.exit(1);
+        }
+        console.log(JSON.stringify(await res.json(), null, 2));
+    }
+    catch {
+        console.error(chalk.red(`Cannot connect to proxy at http://localhost:${port}`));
+        console.error(chalk.gray("Is it running? Start with: cc-router start"));
+        process.exit(1);
+    }
+}
+async function launchDashboard(port) {
+    // Dynamic imports keep these heavy deps out of the cold-start path
+    const [{ render }, { createElement }, { Dashboard }] = await Promise.all([
+        import("ink"),
+        import("react"),
+        import("../ui/Dashboard.js"),
+    ]);
+    render(createElement(Dashboard, { port }), {
+        // Let Ink handle Ctrl+C — it calls exit() which cleanly unmounts
+        exitOnCtrlC: true,
+    });
+}

package/dist/cli/cmd-stop.js

@@ -0,0 +1,128 @@
+import { execFile } from "child_process";
+import { promisify } from "util";
+import chalk from "chalk";
+import { removeClaudeSettings, readClaudeProxySettings } from "../utils/claude-config.js";
+import { isWindows } from "../utils/platform.js";
+import { PROXY_PORT } from "../config/paths.js";
+const execFileAsync = promisify(execFile);
+export function registerStop(program) {
+    program
+        .command("stop")
+        .description("Stop the proxy and restore Claude Code to normal authentication")
+        .option("--keep-config", "Stop the proxy process but keep ~/.claude/settings.json untouched")
+        .action(async (opts) => {
+        await stopProxy({ revertConfig: !opts.keepConfig });
+    });
+}
+export function registerRevert(program) {
+    program
+        .command("revert")
+        .description("Restore Claude Code to its normal authentication (removes proxy config)")
+        .action(async () => {
+        await stopProxy({ revertConfig: true });
+    });
+}
+// ─── Core logic (shared by stop and revert) ────────────────────────────────
+async function stopProxy({ revertConfig }) {
+    let anythingDone = false;
+    // 1. Stop the proxy process (PM2 if registered, else kill by port)
+    const stopped = await tryStopProcess();
+    if (stopped) {
+        console.log(chalk.green("✓ Proxy process stopped"));
+        anythingDone = true;
+    }
+    else {
+        const running = await isProxyRunning();
+        if (running) {
+            console.log(chalk.yellow("⚠ Could not stop proxy automatically."));
+            console.log(chalk.gray("  If it's running in a terminal, press Ctrl+C there."));
+            console.log(chalk.gray(`  Or kill manually: kill $(lsof -ti:${PROXY_PORT})`));
+        }
+        else {
+            console.log(chalk.gray("  Proxy is not running."));
+        }
+    }
+    // 2. Remove Claude Code proxy settings
+    if (revertConfig) {
+        const current = readClaudeProxySettings();
+        if (current.baseUrl) {
+            removeClaudeSettings();
+            console.log(chalk.green("✓ Removed proxy settings from ~/.claude/settings.json"));
+            console.log(chalk.gray("  Claude Code will use its normal authentication on next launch."));
+            anythingDone = true;
+        }
+        else {
+            console.log(chalk.gray("  ~/.claude/settings.json already has no proxy config."));
+        }
+    }
+    if (!anythingDone) {
+        console.log(chalk.gray("\nNothing to do — proxy was not running and config was not set."));
+    }
+    else {
+        console.log(chalk.green("\n✓ Done. Claude Code is back to normal."));
+        console.log(chalk.gray("  To re-enable the proxy:  cc-router start"));
+        console.log(chalk.gray("  To reconfigure:          cc-router configure\n"));
+    }
+}
+// ─── Process management ────────────────────────────────────────────────────
+async function tryStopProcess() {
+    // Try PM2 first (Phase 5 service)
+    const pm2Stopped = await tryStopPm2();
+    if (pm2Stopped)
+        return true;
+    // Fall back to killing by port
+    return killByPort(PROXY_PORT);
+}
+async function tryStopPm2() {
+    try {
+        await execFileAsync("pm2", ["stop", "cc-router"]);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+async function killByPort(port) {
+    try {
+        if (isWindows()) {
+            // Windows: netstat to find PID, then taskkill
+            const { stdout } = await execFileAsync("netstat", ["-ano"]);
+            const match = stdout
+                .split("\n")
+                .find(line => line.includes(`:${port}`) && line.includes("LISTENING"));
+            if (!match)
+                return false;
+            const pid = match.trim().split(/\s+/).at(-1);
+            if (!pid || isNaN(Number(pid)))
+                return false;
+            await execFileAsync("taskkill", ["/PID", pid, "/F"]);
+            return true;
+        }
+        else {
+            // macOS / Linux: lsof to find PIDs, then kill
+            const { stdout } = await execFileAsync("lsof", ["-ti", `:${port}`]);
+            const pids = stdout.trim().split("\n").filter(Boolean);
+            if (pids.length === 0)
+                return false;
+            // kill each PID — args are array, no shell injection possible
+            for (const pid of pids) {
+                await execFileAsync("kill", ["-TERM", pid]);
+            }
+            return true;
+        }
+    }
+    catch {
+        return false;
+    }
+}
+async function isProxyRunning() {
+    try {
+        const res = await fetch(`http://localhost:${PROXY_PORT}/cc-router/health`, {
+            signal: AbortSignal.timeout(500),
+        });
+        return res.ok;
+    }
+    catch {
+        return false;
+    }
+}

package/dist/cli/index.js

@@ -0,0 +1,38 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import { registerSetup } from "./cmd-setup.js";
+import { registerStart } from "./cmd-start.js";
+import { registerStop, registerRevert } from "./cmd-stop.js";
+import { registerStatus } from "./cmd-status.js";
+import { registerAccounts } from "./cmd-accounts.js";
+import { registerService } from "./cmd-service.js";
+import { registerConfigure } from "./cmd-configure.js";
+import { registerDocker } from "./cmd-docker.js";
+const program = new Command();
+program
+    .name("cc-router")
+    .description("Round-robin proxy for Claude Max OAuth tokens.\n" +
+    "Distributes Claude Code requests across multiple Claude Max accounts.")
+    .version("0.1.0")
+    .addHelpText("after", `
+Examples:
+  $ cc-router setup              # First-time wizard: extract tokens + configure Claude Code
+  $ cc-router start              # Start proxy on localhost:3456
+  $ cc-router start --daemon     # Start in background via PM2
+  $ cc-router status             # Live dashboard with account stats
+  $ cc-router service install    # Auto-start on system boot
+  $ cc-router accounts list      # Show all configured accounts
+  $ cc-router revert             # Restore Claude Code to normal (remove proxy config)
+  $ cc-router docker up          # Full stack: cc-router + LiteLLM in Docker
+  $ cc-router docker down        # Stop Docker stack
+`);
+registerSetup(program);
+registerStart(program);
+registerStop(program);
+registerRevert(program);
+registerStatus(program);
+registerAccounts(program);
+registerService(program);
+registerConfigure(program);
+registerDocker(program);
+program.parse();

package/dist/config/manager.js

@@ -0,0 +1,56 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync, renameSync } from "fs";
+import { CONFIG_DIR, ACCOUNTS_PATH } from "./paths.js";
+export function ensureConfigDir() {
+    if (!existsSync(CONFIG_DIR)) {
+        mkdirSync(CONFIG_DIR, { recursive: true });
+    }
+}
+export function accountsFileExists(path) {
+    return existsSync(path ?? ACCOUNTS_PATH);
+}
+export function readAccountsRaw() {
+    return readRawFromPath(ACCOUNTS_PATH);
+}
+function readRawFromPath(path) {
+    if (!existsSync(path))
+        return [];
+    try {
+        return JSON.parse(readFileSync(path, "utf-8"));
+    }
+    catch {
+        return [];
+    }
+}
+/** Deserialize Account[] from an explicit file path */
+export function readAccountsFromPath(path) {
+    return deserialize(readRawFromPath(path));
+}
+// Escritura atómica: escribe a .tmp y renombra — evita JSON corrupto si el proceso muere mid-write
+export function writeAccountsAtomic(data) {
+    ensureConfigDir();
+    const tmp = ACCOUNTS_PATH + ".tmp";
+    writeFileSync(tmp, JSON.stringify(data, null, 2), "utf-8");
+    renameSync(tmp, ACCOUNTS_PATH);
+}
+/** Deserialize flat AccountRecord[] from the default path into runtime Account[] */
+export function loadAccounts() {
+    return deserialize(readAccountsRaw());
+}
+function deserialize(records) {
+    return records.map(a => ({
+        id: a.id,
+        tokens: {
+            accessToken: a.accessToken,
+            refreshToken: a.refreshToken,
+            expiresAt: a.expiresAt,
+            scopes: a.scopes ?? ["user:inference", "user:profile"],
+        },
+        healthy: true,
+        busy: false,
+        requestCount: 0,
+        errorCount: 0,
+        lastUsed: 0,
+        lastRefresh: 0,
+        consecutiveErrors: 0,
+    }));
+}

package/dist/config/paths.js

@@ -0,0 +1,11 @@
+import os from "os";
+import path from "path";
+// All paths support env var overrides so Docker can inject them via environment
+export const CONFIG_DIR = path.join(os.homedir(), ".cc-router");
+export const ACCOUNTS_PATH = process.env["ACCOUNTS_PATH"] ??
+    path.join(CONFIG_DIR, "accounts.json");
+export const CLAUDE_SETTINGS_PATH = path.join(os.homedir(), ".claude", "settings.json");
+export const PROXY_PORT = parseInt(process.env["PORT"] ?? "3456", 10);
+export const LITELLM_PORT = 4000;
+// When set, the server forwards to LiteLLM instead of Anthropic directly
+export const LITELLM_URL = process.env["LITELLM_URL"];

package/dist/proxy/logger.js

@@ -0,0 +1,34 @@
+import chalk from "chalk";
+function ts() {
+    return new Date().toISOString().slice(11, 19); // HH:MM:SS
+}
+export function logRoute(accountId, requestCount, expiresInMin) {
+    console.log(chalk.gray(`[${ts()}]`) +
+        chalk.green(` → ${accountId}`) +
+        chalk.gray(` req#${requestCount}`) +
+        chalk.yellow(` exp=${expiresInMin}min`));
+}
+export function logRefresh(accountId, ok, expiresInMin) {
+    if (ok) {
+        console.log(chalk.yellow(`[${ts()}] [REFRESH] ${accountId}: OK — expires in ${expiresInMin}min`));
+    }
+    else {
+        console.log(chalk.red(`[${ts()}] [REFRESH] ${accountId}: FAILED`));
+    }
+}
+export function logError(accountId, status, message) {
+    const statusStr = status > 0 ? ` HTTP ${status}` : "";
+    console.log(chalk.red(`[${ts()}] [ERROR] ${accountId}:${statusStr} ${message}`));
+}
+export function logStartup(port, host, mode, target, accountCount) {
+    const listen = host === "127.0.0.1" ? `http://localhost:${port}` : `http://${host}:${port}`;
+    console.log(chalk.cyan(`
+╔══════════════════════════════════════════════╗
+║  CC-Router                                   ║
+║  Listening: ${listen.padEnd(33)}║
+║  Mode     : ${mode.padEnd(33)}║
+║  Target   : ${target.slice(0, 33).padEnd(33)}║
+║  Accounts : ${String(accountCount).padEnd(33)}║
+╚══════════════════════════════════════════════╝
+`));
+}

package/dist/proxy/server.js

@@ -0,0 +1,178 @@
+import express from "express";
+import { createProxyMiddleware } from "http-proxy-middleware";
+import { ServerResponse } from "http";
+import { TokenPool } from "./token-pool.js";
+import { needsRefresh, refreshAccountToken, saveAccounts, startRefreshLoop } from "./token-refresher.js";
+import { loadAccounts, accountsFileExists, readAccountsFromPath } from "../config/manager.js";
+import { logRoute, logError, logStartup } from "./logger.js";
+import { stats } from "./stats.js";
+import { PROXY_PORT, LITELLM_URL } from "../config/paths.js";
+import chalk from "chalk";
+export async function startServer(opts = {}) {
+    const port = opts.port ?? PROXY_PORT;
+    // Direct-to-Anthropic (standalone) or via LiteLLM (full mode).
+    // Priority: explicit option > LITELLM_URL env var > direct to Anthropic
+    const litellmUrl = opts.litellmUrl ?? LITELLM_URL;
+    const target = litellmUrl ?? "https://api.anthropic.com";
+    const mode = litellmUrl ? "litellm" : "standalone";
+    const accountsPath = opts.accountsPath;
+    if (!accountsFileExists(accountsPath)) {
+        console.error(chalk.red("\n✗ accounts.json not found."));
+        console.error(chalk.yellow("  Run: cc-router setup\n"));
+        process.exit(1);
+    }
+    const accounts = accountsPath ? readAccountsFromPath(accountsPath) : loadAccounts();
+    if (accounts.length === 0) {
+        console.error(chalk.red("\n✗ No accounts found in accounts.json."));
+        console.error(chalk.yellow("  Run: cc-router setup\n"));
+        process.exit(1);
+    }
+    const pool = new TokenPool(accounts);
+    startRefreshLoop(accounts);
+    const app = express();
+    // ─── Health endpoint (cc-router internal, NOT proxied) ────────────────────
+    app.get("/cc-router/health", (_req, res) => {
+        res.json({
+            status: pool.getHealthy().length > 0 ? "ok" : "degraded",
+            mode,
+            target,
+            uptime: stats.getUptimeSeconds(),
+            totalRequests: stats.totalRequests,
+            totalErrors: stats.totalErrors,
+            totalRefreshes: stats.totalRefreshes,
+            accounts: pool.getStats(),
+            recentLogs: stats.getRecentLogs(),
+        });
+    });
+    // ─── Proxy middleware ──────────────────────────────────────────────────────
+    // IMPORTANT: selfHandleResponse must be false (default) for SSE streaming to
+    // work transparently. Setting it to true breaks streaming.
+    const proxy = createProxyMiddleware({
+        target,
+        changeOrigin: true,
+        // Express strips the /v1 mount prefix from req.url before passing it to middleware.
+        // pathRewrite restores it so the proxy forwards /v1/messages, not /messages.
+        pathRewrite: (path) => `/v1${path}`,
+        // Long timeouts — Claude Code requests can be >5min (thinking, agents)
+        proxyTimeout: 5 * 60 * 1000,
+        timeout: 5 * 60 * 1000,
+        on: {
+            proxyReq: (proxyReq, req) => {
+                const account = req._ccAccount;
+                if (!account)
+                    return;
+                // Replace the placeholder/proxy auth token with the real OAuth token.
+                // Claude Code sends ANTHROPIC_AUTH_TOKEN as "Authorization: Bearer proxy-managed".
+                // We replace it with the real OAuth token for this account.
+                proxyReq.setHeader("authorization", `Bearer ${account.tokens.accessToken}`);
+                // Remove x-api-key if present — OAuth authentication uses Authorization Bearer,
+                // not x-api-key. Having both set can cause conflicts at Anthropic's side.
+                proxyReq.removeHeader("x-api-key");
+                // CRITICAL: api.anthropic.com requires the "oauth-2025-04-20" beta flag to
+                // accept OAuth tokens (sk-ant-oat01-*). Without it the request is rejected
+                // with "OAuth authentication is currently not supported."
+                // APPEND — do NOT replace — so existing betas (tools, computer-use, etc.) are preserved.
+                const existingBeta = proxyReq.getHeader("anthropic-beta");
+                const betas = existingBeta
+                    ? String(existingBeta).split(",").map(b => b.trim()).filter(Boolean)
+                    : [];
+                if (!betas.includes("oauth-2025-04-20")) {
+                    betas.push("oauth-2025-04-20");
+                    proxyReq.setHeader("anthropic-beta", betas.join(","));
+                }
+                // All other headers are forwarded automatically by http-proxy-middleware:
+                //   anthropic-version         — required by Anthropic API
+                //   X-Claude-Code-Session-Id  — session aggregation header sent by Claude Code
+                //   content-type              — always application/json
+            },
+            proxyRes: (proxyRes, req) => {
+                const account = req._ccAccount;
+                if (!account)
+                    return;
+                const status = proxyRes.statusCode ?? 0;
+                if (status === 401) {
+                    // Token invalid or expired mid-request.
+                    // Forward the 401 to the client (Claude Code will retry on 401).
+                    // Schedule a background refresh so the next request succeeds.
+                    stats.totalErrors++;
+                    account.errorCount++;
+                    logError(account.id, 401, "Token invalid — scheduling background refresh");
+                    stats.addLog({ ts: Date.now(), accountId: account.id, model: "-", type: "error", details: "401" });
+                    refreshAccountToken(account).then(ok => {
+                        if (ok)
+                            saveAccounts(pool.getAll());
+                    }).catch(console.error);
+                }
+                if (status === 429) {
+                    // Rate limited — put account on cooldown for Retry-After seconds.
+                    stats.totalErrors++;
+                    account.errorCount++;
+                    const retryAfter = Number(proxyRes.headers["retry-after"] ?? 60);
+                    logError(account.id, 429, `Rate limited — cooldown ${retryAfter}s`);
+                    stats.addLog({ ts: Date.now(), accountId: account.id, model: "-", type: "error", details: "429" });
+                    account.busy = true;
+                    setTimeout(() => { account.busy = false; }, retryAfter * 1_000);
+                }
+                if (status === 529) {
+                    // Anthropic service overloaded — short cooldown on this account.
+                    stats.totalErrors++;
+                    account.errorCount++;
+                    logError(account.id, 529, "Service overloaded — cooldown 30s");
+                    stats.addLog({ ts: Date.now(), accountId: account.id, model: "-", type: "error", details: "529" });
+                    account.busy = true;
+                    setTimeout(() => { account.busy = false; }, 30_000);
+                }
+            },
+            error: (err, _req, res) => {
+                stats.totalErrors++;
+                logError("proxy", 0, err.message);
+                // res may be a Socket (WebSocket upgrade) — only respond on HTTP ServerResponse
+                if (res instanceof ServerResponse && !res.headersSent) {
+                    // Match Anthropic's error response format so Claude Code handles it gracefully
+                    res.writeHead(502, { "Content-Type": "application/json" });
+                    res.end(JSON.stringify({
+                        type: "error",
+                        error: { type: "proxy_error", message: err.message },
+                    }));
+                }
+            },
+        },
+    });
+    // ─── /v1/* — select account, refresh if needed, then proxy ───────────────
+    // CRITICAL: Do NOT use express.json() here — it consumes the body stream
+    // and breaks SSE streaming passthrough.
+    app.use("/v1", async (req, _res, next) => {
+        const account = pool.getNext();
+        // Synchronous refresh if token expires within the buffer window
+        if (needsRefresh(account)) {
+            const ok = await refreshAccountToken(account);
+            if (ok)
+                saveAccounts(pool.getAll());
+        }
+        req._ccAccount = account;
+        stats.totalRequests++;
+        stats.addLog({ ts: Date.now(), accountId: account.id, model: "?", type: "route" });
+        logRoute(account.id, account.requestCount, Math.round((account.tokens.expiresAt - Date.now()) / 60_000));
+        next();
+    }, proxy);
+    // ─── Catch-all — forward everything else (LiteLLM UI, /v1/models, etc.) ──
+    app.use("/", createProxyMiddleware({
+        target,
+        changeOrigin: true,
+    }));
+    // ─── Graceful shutdown ────────────────────────────────────────────────────
+    const shutdown = () => {
+        console.log(chalk.yellow("\nShutting down — saving tokens..."));
+        saveAccounts(pool.getAll());
+        process.exit(0);
+    };
+    process.on("SIGTERM", shutdown);
+    process.on("SIGINT", shutdown);
+    // ─── Start ────────────────────────────────────────────────────────────────
+    // HOST env var lets teams bind to 0.0.0.0 for LAN/VPS shared access.
+    // Defaults to 127.0.0.1 (localhost-only) for single-user safety.
+    const host = process.env["HOST"] ?? "127.0.0.1";
+    app.listen(port, host, () => {
+        logStartup(port, host, mode, target, accounts.length);
+    });
+}

package/dist/proxy/stats.js

@@ -0,0 +1,21 @@
+const MAX_LOG_ENTRIES = 50;
+class ProxyStats {
+    totalRequests = 0;
+    totalErrors = 0;
+    totalRefreshes = 0;
+    startTime = Date.now();
+    logs = [];
+    addLog(entry) {
+        this.logs.push(entry);
+        if (this.logs.length > MAX_LOG_ENTRIES)
+            this.logs.shift();
+    }
+    getRecentLogs(n = 20) {
+        return [...this.logs].reverse().slice(0, n);
+    }
+    getUptimeSeconds() {
+        return Math.round((Date.now() - this.startTime) / 1000);
+    }
+}
+// Singleton — shared across server and health endpoint
+export const stats = new ProxyStats();

package/dist/proxy/token-pool.js

@@ -0,0 +1,47 @@
+export class TokenPool {
+    accounts;
+    currentIndex = 0;
+    constructor(accounts) {
+        this.accounts = accounts;
+    }
+    /**
+     * Round-robin selection among healthy, non-busy accounts.
+     * Falls back to least-loaded if all are busy.
+     * Falls back to accounts[0] if all are unhealthy.
+     */
+    getNext() {
+        const available = this.accounts.filter(a => a.healthy && !a.busy);
+        if (available.length === 0) {
+            const healthy = this.accounts.filter(a => a.healthy);
+            if (healthy.length === 0) {
+                // Complete fallback: nothing healthy — return first account and hope it recovers
+                return this.accounts[0];
+            }
+            // All healthy but busy — return least loaded
+            return healthy.reduce((a, b) => a.requestCount < b.requestCount ? a : b);
+        }
+        const account = available[this.currentIndex % available.length];
+        this.currentIndex = (this.currentIndex + 1) % available.length;
+        account.requestCount++;
+        account.lastUsed = Date.now();
+        return account;
+    }
+    getAll() {
+        return this.accounts;
+    }
+    getHealthy() {
+        return this.accounts.filter(a => a.healthy);
+    }
+    getStats() {
+        return this.accounts.map(a => ({
+            id: a.id,
+            healthy: a.healthy,
+            busy: a.busy,
+            requestCount: a.requestCount,
+            errorCount: a.errorCount,
+            expiresInMs: a.tokens.expiresAt - Date.now(),
+            lastUsedMs: a.lastUsed,
+            lastRefreshMs: a.lastRefresh,
+        }));
+    }
+}