aicodeswitch 5.1.2 → 5.2.0

package/dist/server/access-keys/quota-checker.js

@@ -0,0 +1,197 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.QuotaChecker = void 0;
+class QuotaChecker {
+    constructor() {
+        /** per keyId: 滑动窗口（60秒） */
+        Object.defineProperty(this, "rpmTracker", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: new Map()
+        });
+        /** per keyId: 当前并发数 */
+        Object.defineProperty(this, "concurrentTracker", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: new Map()
+        });
+    }
+    /**
+     * 检查所有配额限制，返回 null 表示通过，否则返回错误信息
+     */
+    checkQuota(policy, usage, keyId, requestModel) {
+        // 1. 模型过滤
+        if (requestModel) {
+            if (policy.allowedModels && policy.allowedModels.length > 0) {
+                if (!policy.allowedModels.some(m => this.matchModel(m, requestModel))) {
+                    return { error: 'MODEL_NOT_ALLOWED', message: `模型 ${requestModel} 不在允许列表中`, httpStatus: 403 };
+                }
+            }
+            if (policy.blockedModels && policy.blockedModels.length > 0) {
+                if (policy.blockedModels.some(m => this.matchModel(m, requestModel))) {
+                    return { error: 'MODEL_NOT_ALLOWED', message: `模型 ${requestModel} 已被禁止使用`, httpStatus: 403 };
+                }
+            }
+        }
+        if (!usage)
+            return null; // 无用量数据，跳过其余检查
+        const now = Date.now();
+        // 2. Token 日限额
+        if (policy.dailyTokenLimit) {
+            const limit = policy.dailyTokenLimit * 1000; // k → 实际 tokens
+            if (this.isPeriodExpired(usage.periods.daily.periodStart, 'daily')) {
+                // 周期已重置，通过
+            }
+            else if (usage.periods.daily.tokens >= limit) {
+                return { error: 'TOKEN_QUOTA_EXCEEDED', message: '今日 Token 配额已用尽', httpStatus: 429, dimension: 'dailyTokenLimit', usage: usage.periods.daily.tokens, limit };
+            }
+        }
+        // 3. Token 周限额
+        if (policy.weeklyTokenLimit) {
+            const limit = policy.weeklyTokenLimit * 1000;
+            if (this.isPeriodExpired(usage.periods.weekly.periodStart, 'weekly')) {
+                // 周期已重置，通过
+            }
+            else if (usage.periods.weekly.tokens >= limit) {
+                return { error: 'TOKEN_QUOTA_EXCEEDED', message: '本周 Token 配额已用尽', httpStatus: 429, dimension: 'weeklyTokenLimit', usage: usage.periods.weekly.tokens, limit };
+            }
+        }
+        // 4. Token 月限额
+        if (policy.monthlyTokenLimit) {
+            const limit = policy.monthlyTokenLimit * 1000;
+            if (this.isPeriodExpired(usage.periods.monthly.periodStart, 'monthly')) {
+                // 周期已重置，通过
+            }
+            else if (usage.periods.monthly.tokens >= limit) {
+                return { error: 'TOKEN_QUOTA_EXCEEDED', message: '本月 Token 配额已用尽', httpStatus: 429, dimension: 'monthlyTokenLimit', usage: usage.periods.monthly.tokens, limit };
+            }
+        }
+        // 5. Token 自定义周期
+        if (policy.customTokenLimit && policy.customTokenResetHours && usage.periods.custom) {
+            const limit = policy.customTokenLimit * 1000;
+            const resetMs = policy.customTokenResetHours * 3600 * 1000;
+            if (now - usage.periods.custom.periodStart >= resetMs) {
+                // 周期已重置，通过
+            }
+            else if (usage.periods.custom.tokens >= limit) {
+                return { error: 'TOKEN_QUOTA_EXCEEDED', message: 'Token 配额已用尽', httpStatus: 429, dimension: 'customTokenLimit', usage: usage.periods.custom.tokens, limit };
+            }
+        }
+        // 6. 请求日限额
+        if (policy.dailyRequestLimit) {
+            if (!this.isPeriodExpired(usage.periods.daily.periodStart, 'daily') && usage.periods.daily.requests >= policy.dailyRequestLimit) {
+                return { error: 'REQUEST_QUOTA_EXCEEDED', message: '今日请求次数已用尽', httpStatus: 429, dimension: 'dailyRequestLimit', usage: usage.periods.daily.requests, limit: policy.dailyRequestLimit };
+            }
+        }
+        // 7. 请求周限额
+        if (policy.weeklyRequestLimit) {
+            if (!this.isPeriodExpired(usage.periods.weekly.periodStart, 'weekly') && usage.periods.weekly.requests >= policy.weeklyRequestLimit) {
+                return { error: 'REQUEST_QUOTA_EXCEEDED', message: '本周请求次数已用尽', httpStatus: 429, dimension: 'weeklyRequestLimit', usage: usage.periods.weekly.requests, limit: policy.weeklyRequestLimit };
+            }
+        }
+        // 8. 请求月限额
+        if (policy.monthlyRequestLimit) {
+            if (!this.isPeriodExpired(usage.periods.monthly.periodStart, 'monthly') && usage.periods.monthly.requests >= policy.monthlyRequestLimit) {
+                return { error: 'REQUEST_QUOTA_EXCEEDED', message: '本月请求次数已用尽', httpStatus: 429, dimension: 'monthlyRequestLimit', usage: usage.periods.monthly.requests, limit: policy.monthlyRequestLimit };
+            }
+        }
+        // 9. 请求自定义周期
+        if (policy.customRequestLimit && policy.customRequestResetHours && usage.periods.custom) {
+            const resetMs = policy.customRequestResetHours * 3600 * 1000;
+            if (now - usage.periods.custom.periodStart < resetMs && usage.periods.custom.requests >= policy.customRequestLimit) {
+                return { error: 'REQUEST_QUOTA_EXCEEDED', message: '请求次数配额已用尽', httpStatus: 429, dimension: 'customRequestLimit', usage: usage.periods.custom.requests, limit: policy.customRequestLimit };
+            }
+        }
+        // 10. RPM 检查
+        if (policy.rpmLimit) {
+            const counter = this.getRpmCounter(keyId);
+            this.cleanExpiredTimestamps(counter, now);
+            if (counter.timestamps.length >= policy.rpmLimit) {
+                return { error: 'RPM_LIMIT_EXCEEDED', message: `每分钟请求数超过限制 (${policy.rpmLimit})`, httpStatus: 429, dimension: 'rpmLimit', usage: counter.timestamps.length, limit: policy.rpmLimit };
+            }
+        }
+        // 11. 并发检查
+        if (policy.concurrentLimit) {
+            const current = this.concurrentTracker.get(keyId) || 0;
+            if (current >= policy.concurrentLimit) {
+                return { error: 'CONCURRENT_LIMIT_EXCEEDED', message: `并发请求数超过限制 (${policy.concurrentLimit})`, httpStatus: 429, dimension: 'concurrentLimit', usage: current, limit: policy.concurrentLimit };
+            }
+        }
+        return null; // 所有检查通过
+    }
+    /** 请求开始：增加并发计数 + RPM 计数 */
+    onRequestStart(keyId, policy) {
+        // 并发 +1
+        const current = this.concurrentTracker.get(keyId) || 0;
+        this.concurrentTracker.set(keyId, current + 1);
+        // RPM +1
+        if (policy.rpmLimit) {
+            const counter = this.getRpmCounter(keyId);
+            counter.timestamps.push(Date.now());
+        }
+    }
+    /** 请求结束：减少并发计数 */
+    onRequestEnd(keyId) {
+        const current = this.concurrentTracker.get(keyId) || 0;
+        this.concurrentTracker.set(keyId, Math.max(0, current - 1));
+    }
+    /** 获取当前并发数 */
+    getConcurrentCount(keyId) {
+        return this.concurrentTracker.get(keyId) || 0;
+    }
+    /** 获取当前 RPM */
+    getCurrentRpm(keyId) {
+        const counter = this.rpmTracker.get(keyId);
+        if (!counter)
+            return 0;
+        this.cleanExpiredTimestamps(counter, Date.now());
+        return counter.timestamps.length;
+    }
+    // ---- helpers ----
+    getRpmCounter(keyId) {
+        let counter = this.rpmTracker.get(keyId);
+        if (!counter) {
+            counter = { timestamps: [] };
+            this.rpmTracker.set(keyId, counter);
+        }
+        return counter;
+    }
+    cleanExpiredTimestamps(counter, now) {
+        const windowMs = 60000; // 60 seconds
+        counter.timestamps = counter.timestamps.filter(t => now - t < windowMs);
+    }
+    isPeriodExpired(periodStart, type) {
+        const now = new Date();
+        switch (type) {
+            case 'daily': {
+                // UTC 00:00 重置
+                const todayStart = Date.UTC(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate());
+                return periodStart < todayStart;
+            }
+            case 'weekly': {
+                // 周一 UTC 00:00 重置
+                const day = now.getUTCDay();
+                const mondayOffset = day === 0 ? 6 : day - 1;
+                const mondayStart = Date.UTC(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate() - mondayOffset);
+                return periodStart < mondayStart;
+            }
+            case 'monthly': {
+                // 每月 1 日 UTC 00:00 重置
+                const monthStart = Date.UTC(now.getUTCFullYear(), now.getUTCMonth(), 1);
+                return periodStart < monthStart;
+            }
+        }
+    }
+    /** 模型名匹配（支持前缀匹配） */
+    matchModel(pattern, model) {
+        if (pattern === model)
+            return true;
+        // 支持前缀匹配，如 "claude-sonnet" 匹配 "claude-sonnet-4-20250514"
+        if (model.startsWith(pattern))
+            return true;
+        return false;
+    }
+}
+exports.QuotaChecker = QuotaChecker;

package/dist/server/access-keys/usage-tracker.js

@@ -0,0 +1,279 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UsageTracker = void 0;
+/**
+ * Key 级用量追踪器
+ * 负责用量的持久化、周期重置、历史记录
+ */
+const path_1 = __importDefault(require("path"));
+const promises_1 = __importDefault(require("fs/promises"));
+class UsageTracker {
+    constructor(dataPath) {
+        Object.defineProperty(this, "dataPath", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
+        /** 内存缓存 keyId → KeyUsage */
+        Object.defineProperty(this, "cache", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: new Map()
+        });
+        /** 脏数据标记 */
+        Object.defineProperty(this, "dirty", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: new Set()
+        });
+        /** debounce 写入定时器 */
+        Object.defineProperty(this, "flushTimer", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: null
+        });
+        Object.defineProperty(this, "FLUSH_INTERVAL", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 5000
+        }); // 5 秒
+        this.dataPath = dataPath;
+    }
+    /** 初始化，确保目录存在 */
+    initialize() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const usageDir = path_1.default.join(this.dataPath, 'key-usage');
+            yield promises_1.default.mkdir(usageDir, { recursive: true });
+        });
+    }
+    /** 获取 KeyUsage（优先从缓存读取） */
+    getUsage(keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.cache.has(keyId)) {
+                return this.cache.get(keyId);
+            }
+            const usage = yield this.loadUsageFile(keyId);
+            this.cache.set(keyId, usage);
+            return usage;
+        });
+    }
+    /** 记录一次请求的 Token 消耗 */
+    recordTokenUsage(keyId, tokenUsage) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const usage = yield this.getUsage(keyId);
+            const now = Date.now();
+            const totalTokens = tokenUsage.totalTokens || (tokenUsage.inputTokens + tokenUsage.outputTokens);
+            // 更新 lifetime
+            usage.lifetime.totalTokens += totalTokens;
+            usage.lifetime.inputTokens += tokenUsage.inputTokens;
+            usage.lifetime.outputTokens += tokenUsage.outputTokens;
+            usage.lifetime.totalRequests += 1;
+            // 更新周期用量（自动检测重置）
+            this.updatePeriodTokens(usage.periods.daily, now, 'daily', totalTokens);
+            this.updatePeriodTokens(usage.periods.weekly, now, 'weekly', totalTokens);
+            this.updatePeriodTokens(usage.periods.monthly, now, 'monthly', totalTokens);
+            if (usage.periods.custom) {
+                this.updatePeriodTokens(usage.periods.custom, now, 'custom', totalTokens);
+            }
+            // 更新日历史
+            this.updateDailyHistory(usage, now, totalTokens, 0);
+            // 标记脏数据
+            this.markDirty(keyId);
+        });
+    }
+    /** 记录一次请求（仅计数，无 Token） */
+    recordRequest(keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const usage = yield this.getUsage(keyId);
+            const now = Date.now();
+            // 更新周期请求计数
+            this.updatePeriodRequests(usage.periods.daily, now, 'daily');
+            this.updatePeriodRequests(usage.periods.weekly, now, 'weekly');
+            this.updatePeriodRequests(usage.periods.monthly, now, 'monthly');
+            if (usage.periods.custom) {
+                this.updatePeriodRequests(usage.periods.custom, now, 'custom');
+            }
+            this.markDirty(keyId);
+        });
+    }
+    /** 记录错误 */
+    recordError(keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const usage = yield this.getUsage(keyId);
+            usage.lifetime.errorCount += 1;
+            const now = Date.now();
+            const today = this.formatDate(now);
+            const record = usage.dailyHistory.find(h => h.date === today);
+            if (record) {
+                record.errors += 1;
+            }
+            this.markDirty(keyId);
+        });
+    }
+    /** 获取用量趋势 */
+    getTrend(keyId_1) {
+        return __awaiter(this, arguments, void 0, function* (keyId, days = 30) {
+            const usage = yield this.getUsage(keyId);
+            return usage.dailyHistory.slice(-days);
+        });
+    }
+    /** 刷新脏数据到磁盘 */
+    flush() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.dirty.size === 0)
+                return;
+            const keys = Array.from(this.dirty);
+            this.dirty.clear();
+            yield Promise.all(keys.map(keyId => this.saveUsageFile(keyId)));
+        });
+    }
+    /** 定时刷新 */
+    startAutoFlush() {
+        this.flushTimer = setInterval(() => {
+            this.flush().catch(err => console.error('[UsageTracker] Auto flush error:', err));
+        }, this.FLUSH_INTERVAL);
+    }
+    /** 停止自动刷新 */
+    stopAutoFlush() {
+        if (this.flushTimer) {
+            clearInterval(this.flushTimer);
+            this.flushTimer = null;
+        }
+    }
+    // ---- helpers ----
+    loadUsageFile(keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const filePath = this.getUsageFilePath(keyId);
+            try {
+                const data = yield promises_1.default.readFile(filePath, 'utf-8');
+                return JSON.parse(data);
+            }
+            catch (_a) {
+                return this.createEmptyUsage(keyId);
+            }
+        });
+    }
+    saveUsageFile(keyId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const usage = this.cache.get(keyId);
+            if (!usage)
+                return;
+            const filePath = this.getUsageFilePath(keyId);
+            const dir = path_1.default.dirname(filePath);
+            yield promises_1.default.mkdir(dir, { recursive: true });
+            // 原子写入
+            const tmpPath = filePath + '.tmp';
+            yield promises_1.default.writeFile(tmpPath, JSON.stringify(usage, null, 2), 'utf-8');
+            yield promises_1.default.rename(tmpPath, filePath);
+        });
+    }
+    getUsageFilePath(keyId) {
+        return path_1.default.join(this.dataPath, 'key-usage', `${keyId}.json`);
+    }
+    createEmptyUsage(keyId) {
+        const now = Date.now();
+        return {
+            keyId,
+            lifetime: { totalTokens: 0, inputTokens: 0, outputTokens: 0, totalRequests: 0, errorCount: 0 },
+            periods: {
+                daily: { tokens: 0, requests: 0, periodStart: now },
+                weekly: { tokens: 0, requests: 0, periodStart: now },
+                monthly: { tokens: 0, requests: 0, periodStart: now },
+            },
+            dailyHistory: [],
+        };
+    }
+    /** 更新周期 Token（自动检测重置） */
+    updatePeriodTokens(period, now, type, tokens) {
+        if (this.isPeriodExpired(period.periodStart, now, type)) {
+            period.tokens = tokens;
+            period.requests = 0;
+            period.periodStart = now;
+        }
+        else {
+            period.tokens += tokens;
+        }
+    }
+    /** 更新周期请求计数（自动检测重置） */
+    updatePeriodRequests(period, now, type) {
+        if (this.isPeriodExpired(period.periodStart, now, type)) {
+            period.requests = 1;
+            period.tokens = 0;
+            period.periodStart = now;
+        }
+        else {
+            period.requests += 1;
+        }
+    }
+    /** 检查周期是否已过期（需要重置） */
+    isPeriodExpired(periodStart, now, type) {
+        switch (type) {
+            case 'daily': {
+                const d1 = new Date(periodStart);
+                const d2 = new Date(now);
+                return d1.getUTCFullYear() !== d2.getUTCFullYear() ||
+                    d1.getUTCMonth() !== d2.getUTCMonth() ||
+                    d1.getUTCDate() !== d2.getUTCDate();
+            }
+            case 'weekly': {
+                // 简单判断：如果超过 7 天
+                return (now - periodStart) > 7 * 24 * 3600 * 1000;
+            }
+            case 'monthly': {
+                const d1 = new Date(periodStart);
+                const d2 = new Date(now);
+                return d1.getUTCFullYear() !== d2.getUTCFullYear() || d1.getUTCMonth() !== d2.getUTCMonth();
+            }
+            case 'custom':
+                // 自定义周期由外部处理
+                return false;
+        }
+    }
+    /** 更新日历史记录 */
+    updateDailyHistory(usage, now, tokens, errors) {
+        const today = this.formatDate(now);
+        const existing = usage.dailyHistory.find(h => h.date === today);
+        if (existing) {
+            existing.tokens += tokens;
+            existing.requests += 1;
+            existing.errors += errors;
+        }
+        else {
+            usage.dailyHistory.push({
+                date: today,
+                tokens,
+                requests: 1,
+                errors,
+            });
+            // 保留最近 90 天
+            if (usage.dailyHistory.length > 90) {
+                usage.dailyHistory = usage.dailyHistory.slice(-90);
+            }
+        }
+    }
+    formatDate(ts) {
+        const d = new Date(ts);
+        return `${d.getUTCFullYear()}-${String(d.getUTCMonth() + 1).padStart(2, '0')}-${String(d.getUTCDate()).padStart(2, '0')}`;
+    }
+    markDirty(keyId) {
+        this.dirty.add(keyId);
+    }
+}
+exports.UsageTracker = UsageTracker;

package/dist/server/auth.js

@@ -60,6 +60,10 @@ function verifyToken(token) {
  *
  * 如果未启用鉴权,直接放行
  * 如果启用鉴权但 token 无效,返回 401
+ *
+ * 认证 Header 策略：
+ * - `Access-Token: <jwt_token>` — 管理面板 JWT 认证
+ * - `Authorization: Bearer ...` — 可能是 AccessKey（sk_ 前缀），跳过此中间件，由代理引擎处理
  */
 function authMiddleware(req, res, next) {
     // 如果未启用鉴权,直接放行
@@ -67,14 +71,22 @@ function authMiddleware(req, res, next) {
         next();
         return;
     }
-    // 从 Authorization header 中提取 token
+    // 如果请求带有 Authorization header，视为 AccessKey 请求，跳过管理面板认证
+    // 由代理引擎在业务前置对 AccessKey 进行鉴权
     const authHeader = req.headers.authorization;
-    if (!authHeader || !authHeader.startsWith('Bearer ')) {
+    if (authHeader) {
+        next();
+        return;
+    }
+    // 从 Access-Token header 或查询参数中提取 JWT token
+    // 查询参数支持用于 EventSource 等 API（无法设置自定义 Header）
+    const accessToken = req.headers['access-token']
+        || req.query.token;
+    if (!accessToken) {
         res.status(401).json({ error: 'Unauthorized: Missing or invalid token' });
         return;
     }
-    const token = authHeader.substring(7); // 移除 "Bearer " 前缀
-    if (verifyToken(token)) {
+    if (verifyToken(accessToken)) {
         next();
     }
     else {

package/dist/server/coding-plan-headers.js

@@ -0,0 +1,121 @@
+"use strict";
+/**
+ * 编程套餐 Headers 覆盖模块
+ *
+ * 当 APIService 启用 enableCodingPlan 时，将发送到上游的请求 Headers
+ * 覆盖为对应编程工具（Claude Code / Codex）的标准 Headers，
+ * 使供应商验证通过。
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.applyCodingPlanHeaders = applyCodingPlanHeaders;
+const crypto_1 = __importDefault(require("crypto"));
+/**
+ * 代理已设置的需要保留的 Headers
+ * 这些 Headers 由 buildUpstreamHeaders 设置，不能被覆盖删除
+ */
+const KEEP_HEADERS = new Set([
+    'authorization', // 认证头
+    'x-api-key', // Claude 认证头
+    'x-goog-api-key', // Gemini 认证头
+    'content-type', // 内容类型
+    'accept', // 接受类型
+    'accept-encoding', // 编码
+    'connection', // 连接
+    'content-length', // 内容长度
+    'anthropic-version', // Claude API 版本
+]);
+/**
+ * 构建 Claude Code 标准请求 Headers
+ */
+function buildClaudeCodeHeaders(sessionId) {
+    return {
+        'user-agent': 'claude-cli/2.1.168 (external, claude-vscode, agent-sdk/0.3.168)',
+        'x-claude-code-session-id': sessionId,
+        'x-stainless-arch': 'arm64',
+        'x-stainless-lang': 'js',
+        'x-stainless-os': 'MacOS',
+        'x-stainless-package-version': '0.94.0',
+        'x-stainless-retry-count': '0',
+        'x-stainless-runtime': 'node',
+        'x-stainless-runtime-version': 'v24.3.0',
+        'x-stainless-timeout': '3000',
+        'anthropic-beta': 'claude-code-20250219,context-1m-2025-08-07,interleaved-thinking-2025-05-14,context-management-2025-06-27,prompt-caching-scope-2026-01-05,mid-conversation-system-2026-04-07,effort-2025-11-24',
+        'anthropic-dangerous-direct-browser-access': 'true',
+        'x-app': 'cli',
+    };
+}
+/**
+ * 构建 Codex 标准请求 Headers
+ */
+function buildCodexHeaders(sessionId) {
+    return {
+        'x-codex-beta-features': 'terminal_resize_reflow,remote_compaction_v2',
+        'x-codex-turn-metadata': JSON.stringify({
+            session_id: sessionId,
+            thread_id: sessionId,
+            thread_source: 'user',
+            turn_id: crypto_1.default.randomUUID(),
+            sandbox: 'none',
+            workspace_kind: 'project',
+            request_kind: 'turn',
+        }),
+        'x-codex-window-id': `${sessionId}:0`,
+        'x-client-request-id': sessionId,
+        'session-id': sessionId,
+        'thread-id': sessionId,
+        'originator': 'codex_vscode',
+        'user-agent': 'codex_vscode/0.137.0-alpha.4 (Mac OS 26.5.0; arm64) unknown (VS Code; 26.602.40724)',
+    };
+}
+/**
+ * 判断 sourceType 是否为 Claude 源
+ */
+function isClaudeSourceType(sourceType) {
+    return sourceType === 'claude' || sourceType === 'claude-chat';
+}
+/**
+ * 判断 sourceType 是否为 OpenAI 源
+ */
+function isOpenAISourceType(sourceType) {
+    return sourceType === 'openai' || sourceType === 'openai-chat';
+}
+/**
+ * 应用编程工具 Headers 覆盖
+ *
+ * 当 service.enableCodingPlan 为 true 时调用。
+ * 清除原始请求中无关的 Headers，注入对应编程工具的标准 Headers。
+ *
+ * - Claude 源（claude/claude-chat）→ 注入 Claude Code Headers
+ * - OpenAI 源（openai/openai-chat）→ 注入 Codex Headers
+ * - Gemini 源不处理，保持原样
+ *
+ * @param headers     当前已构建的上游 Headers（会被原地修改）
+ * @param sourceType  上游服务的源类型
+ */
+function applyCodingPlanHeaders(headers, sourceType) {
+    const isClaude = isClaudeSourceType(sourceType);
+    const isOpenAI = isOpenAISourceType(sourceType);
+    // Gemini 源不需要 Headers 覆盖
+    if (!isClaude && !isOpenAI) {
+        return;
+    }
+    const sessionId = crypto_1.default.randomUUID();
+    // 1. 删除不在保留列表中的 Headers
+    for (const key of Object.keys(headers)) {
+        if (!KEEP_HEADERS.has(key.toLowerCase())) {
+            delete headers[key];
+        }
+    }
+    // 2. 注入编程工具标准 Headers
+    // 2. 注入编程工具标准 Headers
+    const toolHeaders = isClaude
+        ? buildClaudeCodeHeaders(sessionId)
+        : buildCodexHeaders(sessionId);
+    for (const [key, value] of Object.entries(toolHeaders)) {
+        headers[key] = value;
+    }
+    console.log(`\x1b[36m[CodingPlan-Headers]\x1b[0m Applied ${isClaude ? 'Claude Code' : 'Codex'} header override for upstream sourceType=${sourceType}`);
+}

package/dist/server/config-managed-fields.js

@@ -6,9 +6,11 @@ exports.getManagedFields = exports.CODEX_AUTH_MANAGED_FIELDS = exports.CODEX_CON
  */
 exports.CLAUDE_SETTINGS_MANAGED_FIELDS = [
     { path: ['env', 'ANTHROPIC_AUTH_TOKEN'] },
+    { path: ['env', 'ANTHROPIC_API_KEY'], optional: true },
     { path: ['env', 'ANTHROPIC_BASE_URL'] },
     { path: ['env', 'API_TIMEOUT_MS'] },
     { path: ['env', 'CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC'] },
+    { path: ['env', 'CLAUDE_CODE_MAX_RETRIES'] },
     { path: ['env', 'CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS'], optional: true },
     { path: ['env', 'CLAUDE_AUTOCOMPACT_PCT_OVERRIDE'], optional: true },
     { path: ['env', 'ANTHROPIC_DEFAULT_HAIKU_MODEL'], optional: true },

package/dist/server/conversions/index.js

@@ -91,6 +91,7 @@ const response_js_12 = require("./pairs/gemini-responses/response.js");
 const streaming_js_12 = require("./pairs/gemini-responses/streaming.js");
 // --- Provider-driven post-processing ---
 const mapper_js_2 = require("./thinking/mapper.js");
+const tool_result_js_1 = require("./utils/tool-result.js");
 const effort_js_1 = require("./thinking/effort.js");
 // ============================================================
 // Public API: Request Transformation
@@ -294,6 +295,13 @@ function buildTargetBody(options) {
     if (toFormat === 'claude' && result.thinking && result.messages) {
         result.messages = (0, mapper_js_2.fixThinkingHistory)(result.messages, 'claude');
     }
+    // --- Ensure tool_result blocks have id for Claude-compatible providers ---
+    // Some providers (e.g. GLM) require an id field on tool_result content blocks,
+    // but standard Claude API tool_result blocks only have tool_use_id without id.
+    if (toFormat === 'claude' && result.messages) {
+        const { messages: patchedMessages } = (0, tool_result_js_1.ensureToolResultIds)(result.messages);
+        result.messages = patchedMessages;
+    }
     return result;
 }
 /** Identity converter that passes events through unchanged */