npm - antigravity-claude-proxy - Versions diffs - 2.4.0 → 2.4.2 - Mend

antigravity-claude-proxy 2.4.0 → 2.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +70 -6
package/package.json +3 -2
package/public/index.html +2 -1
package/public/js/components/dashboard/charts.js +17 -16
package/public/js/components/dashboard/filters.js +2 -2
package/public/js/components/logs-viewer.js +2 -2
package/public/js/data-store.js +7 -4
package/public/js/utils/ui-logger.js +143 -0
package/src/auth/oauth.js +86 -12
package/src/constants.js +9 -3
package/src/format/request-converter.js +9 -2
package/src/format/thinking-utils.js +92 -2

package/README.md CHANGED Viewed

@@ -84,6 +84,8 @@ Choose one of the following methods to authorize the proxy:
 2. Navigate to the **Accounts** tab and click **Add Account**.
 3. Complete the Google OAuth authorization in the popup window.
+> **Headless/Remote Servers**: If running on a server without a browser, the WebUI supports a "Manual Authorization" mode. After clicking "Add Account", you can copy the OAuth URL, complete authorization on your local machine, and paste the authorization code back.
 #### **Method B: CLI (Desktop or Headless)**
 If you prefer the terminal or are on a remote server:
@@ -152,15 +154,13 @@ Add this configuration:
     "ANTHROPIC_MODEL": "claude-opus-4-5-thinking",
     "ANTHROPIC_DEFAULT_OPUS_MODEL": "claude-opus-4-5-thinking",
     "ANTHROPIC_DEFAULT_SONNET_MODEL": "claude-sonnet-4-5-thinking",
-    "ANTHROPIC_DEFAULT_HAIKU_MODEL": "gemini-2.5-flash-lite[1m]",
+    "ANTHROPIC_DEFAULT_HAIKU_MODEL": "claude-sonnet-4-5",
     "CLAUDE_CODE_SUBAGENT_MODEL": "claude-sonnet-4-5-thinking",
     "ENABLE_EXPERIMENTAL_MCP_CLI": "true"
   }
 }
 ```
-(Please use **gemini-2.5-flash-lite** as the default haiku model, even if others are claude, as claude code makes several calls via the haiku model for background tasks. If you use claude model for it, you may use you claude usage sooner)
 Or to use Gemini models:
 ```json
@@ -171,7 +171,7 @@ Or to use Gemini models:
     "ANTHROPIC_MODEL": "gemini-3-pro-high[1m]",
     "ANTHROPIC_DEFAULT_OPUS_MODEL": "gemini-3-pro-high[1m]",
     "ANTHROPIC_DEFAULT_SONNET_MODEL": "gemini-3-flash[1m]",
-    "ANTHROPIC_DEFAULT_HAIKU_MODEL": "gemini-2.5-flash-lite[1m]",
+    "ANTHROPIC_DEFAULT_HAIKU_MODEL": "gemini-3-flash[1m]",
     "CLAUDE_CODE_SUBAGENT_MODEL": "gemini-3-flash[1m]",
     "ENABLE_EXPERIMENTAL_MCP_CLI": "true"
   }
@@ -280,7 +280,7 @@ Choose a strategy based on your needs:
 | Strategy | Best For | Description |
 | --- | --- | --- |
-| **Hybrid** (Default) | Most users | Smart selection combining health score, token bucket rate limiting, and LRU freshness |
+| **Hybrid** (Default) | Most users | Smart selection combining health score, token bucket rate limiting, quota awareness, and LRU freshness |
 | **Sticky** | Prompt caching | Stays on the same account to maximize cache hits, switches only when rate-limited |
 | **Round-Robin** | Even distribution | Cycles through accounts sequentially for balanced load |
@@ -298,6 +298,8 @@ antigravity-claude-proxy start --strategy=round-robin  # Load-balanced
 - **Health Score Tracking**: Accounts earn points for successful requests and lose points for failures/rate-limits
 - **Token Bucket Rate Limiting**: Client-side throttling with regenerating tokens (50 max, 6/minute)
+- **Quota Awareness**: Accounts with critical quota (<5%) are deprioritized; exhausted accounts trigger emergency fallback
+- **Emergency Fallback**: When all accounts appear exhausted, bypasses checks with throttle delays (250-500ms)
 - **Automatic Cooldown**: Rate-limited accounts recover automatically after reset time expires
 - **Invalid Account Detection**: Accounts needing re-authentication are marked and skipped
 - **Prompt Caching Support**: Session IDs derived from conversation enable cache hits across turns
@@ -340,13 +342,14 @@ The proxy includes a built-in, modern web interface for real-time monitoring and
 - **Real-time Dashboard**: Monitor request volume, active accounts, model health, and subscription tier distribution.
 - **Visual Model Quota**: Track per-model usage and next reset times with color-coded progress indicators.
 - **Account Management**: Add/remove Google accounts via OAuth, view subscription tiers (Free/Pro/Ultra) and quota status at a glance.
+- **Manual OAuth Mode**: Add accounts on headless servers by copying the OAuth URL and pasting the authorization code.
 - **Claude CLI Configuration**: Edit your `~/.claude/settings.json` directly from the browser.
 - **Persistent History**: Tracks request volume by model family for 30 days, persisting across server restarts.
 - **Time Range Filtering**: Analyze usage trends over 1H, 6H, 24H, 7D, or All Time periods.
 - **Smart Analysis**: Auto-select top 5 most used models or toggle between Family/Model views.
 - **Live Logs**: Stream server logs with level-based filtering and search.
 - **Advanced Tuning**: Configure retries, timeouts, and debug mode on the fly.
-- **Bilingual Interface**: Full support for English and Chinese (switch via Settings).
+- **Multi-language Interface**: Full support for English, Chinese (中文), Indonesian (Bahasa), and Portuguese (PT-BR).
 ---
@@ -360,9 +363,11 @@ While most users can use the default settings, you can tune the proxy behavior v
 - **WebUI Password**: Secure your dashboard with `WEBUI_PASSWORD` env var or in config.
 - **Custom Port**: Change the default `8080` port.
 - **Retry Logic**: Configure `maxRetries`, `retryBaseMs`, and `retryMaxMs`.
+- **Rate Limit Handling**: Comprehensive rate limit detection from headers and error messages with intelligent retry-after parsing.
 - **Load Balancing**: Adjust `defaultCooldownMs` and `maxWaitBeforeErrorMs`.
 - **Persistence**: Enable `persistTokenCache` to save OAuth sessions across restarts.
 - **Max Accounts**: Set `maxAccounts` (1-100) to limit the number of Google accounts. Default: 10.
+- **Endpoint Fallback**: Automatic 403/404 endpoint fallback for API compatibility.
 Refer to `config.example.json` for a complete list of fields and documentation.
@@ -421,12 +426,71 @@ npm run test:interleaved   # Interleaved thinking
 npm run test:images        # Image processing
 npm run test:caching       # Prompt caching
 npm run test:strategies    # Account selection strategies
+npm run test:cache-control # Cache control field stripping
 ```
 ---
 ## Troubleshooting
+### Windows: OAuth Port Error (EACCES)
+On Windows, the default OAuth callback port (51121) may be reserved by Hyper-V, WSL2, or Docker. If you see:
+```
+Error: listen EACCES: permission denied 0.0.0.0:51121
+```
+The proxy will automatically try fallback ports (51122-51126). If all ports fail, try these solutions:
+#### Option 1: Use a Custom Port (Recommended)
+Set a custom port outside the reserved range:
+```bash
+# Windows PowerShell
+$env:OAUTH_CALLBACK_PORT = "3456"
+antigravity-claude-proxy start
+# Windows CMD
+set OAUTH_CALLBACK_PORT=3456
+antigravity-claude-proxy start
+# Or add to your .env file
+OAUTH_CALLBACK_PORT=3456
+```
+#### Option 2: Reset Windows NAT
+Run as Administrator:
+```powershell
+net stop winnat
+net start winnat
+```
+#### Option 3: Check Reserved Ports
+See which ports are reserved:
+```powershell
+netsh interface ipv4 show excludedportrange protocol=tcp
+```
+If 51121 is in a reserved range, use Option 1 with a port outside those ranges.
+#### Option 4: Permanently Exclude Port (Admin)
+Reserve the port before Hyper-V claims it (run as Administrator):
+```powershell
+netsh int ipv4 add excludedportrange protocol=tcp startport=51121 numberofports=1
+```
+> **Note:** The server automatically tries fallback ports (51122-51126) if the primary port fails.
+---
 ### "Could not extract token from Antigravity"
 If using single-account mode with Antigravity:

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "antigravity-claude-proxy",
-  "version": "2.4.0",
+  "version": "2.4.2",
   "description": "Proxy server to use Antigravity's Claude models with Claude Code CLI",
   "main": "src/index.js",
   "type": "module",
@@ -35,7 +35,8 @@
     "test:oauth": "node tests/test-oauth-no-browser.cjs",
     "test:emptyretry": "node tests/test-empty-response-retry.cjs",
     "test:sanitizer": "node tests/test-schema-sanitizer.cjs",
-    "test:strategies": "node tests/test-strategies.cjs"
+    "test:strategies": "node tests/test-strategies.cjs",
+    "test:cache-control": "node tests/test-cache-control.cjs"
   },
   "keywords": [
     "claude",

package/public/index.html CHANGED Viewed

@@ -18,7 +18,7 @@
 <body
     class="bg-space-950 text-gray-300 font-sans antialiased min-h-screen overflow-hidden selection:bg-neon-purple selection:text-white"
-    x-cloak x-data="app" x-init="console.log('App initialized')">
+    x-cloak x-data="app" x-init="if(window.UILogger) window.UILogger.debug('App initialized')">
     <!-- Toast Notification -->
     <div class="fixed top-4 right-4 z-[100] flex flex-col gap-2 pointer-events-none">
@@ -389,6 +389,7 @@
     <!-- Scripts - Loading Order Matters! -->
     <!-- 1. Config & Utils (global helpers) -->
     <script src="js/config/constants.js"></script>
+    <script src="js/utils/ui-logger.js"></script><!-- Issue #183: Conditional logging utility -->
     <script src="js/utils.js"></script>
     <script src="js/utils/error-handler.js"></script>
     <script src="js/utils/account-actions.js"></script>

package/public/js/components/dashboard/charts.js CHANGED Viewed

@@ -106,7 +106,7 @@ window.DashboardCharts.createDataset = function (label, data, color, canvas) {
       }
     }
   } catch (e) {
-    console.warn("Failed to create gradient, using solid color fallback:", e);
+    if (window.UILogger) window.UILogger.debug("Gradient fallback:", e.message);
     gradient = null;
   }
@@ -149,7 +149,7 @@ window.DashboardCharts.updateCharts = function (component) {
     console.debug("Destroying existing quota chart from canvas property");
     try {
         canvas._chartInstance.destroy();
-    } catch(e) { console.warn(e); }
+    } catch(e) { if (window.UILogger) window.UILogger.debug(e); }
     canvas._chartInstance = null;
   }
@@ -170,11 +170,11 @@ window.DashboardCharts.updateCharts = function (component) {
   }
   if (typeof Chart === "undefined") {
-    console.warn("Chart.js not loaded");
+    if (window.UILogger) window.UILogger.warn("Chart.js not loaded");
     return;
   }
   if (!isCanvasReady(canvas)) {
-    console.debug("quotaChart canvas not ready, skipping update");
+    if (window.UILogger) window.UILogger.debug("quotaChart canvas not ready, skipping update");
     return;
   }
@@ -319,12 +319,13 @@ window.DashboardCharts.updateCharts = function (component) {
 window.DashboardCharts.updateTrendChart = function (component) {
   // Prevent concurrent updates (fixes race condition on rapid toggling)
   if (_trendChartUpdateLock) {
-    console.log("[updateTrendChart] Update already in progress, skipping");
+    if (window.UILogger) window.UILogger.debug("[updateTrendChart] Update already in progress, skipping");
     return;
   }
   _trendChartUpdateLock = true;
-  console.log("[updateTrendChart] Starting update...");
+  const logger = window.UILogger || console;
+  logger.debug("[updateTrendChart] Starting update...");
   const canvas = document.getElementById("usageTrendChart");
@@ -335,7 +336,7 @@ window.DashboardCharts.updateTrendChart = function (component) {
         try {
             canvas._chartInstance.stop();
             canvas._chartInstance.destroy();
-        } catch(e) { console.warn(e); }
+        } catch(e) { if (window.UILogger) window.UILogger.debug(e); }
         canvas._chartInstance = null;
       }
@@ -359,17 +360,17 @@ window.DashboardCharts.updateTrendChart = function (component) {
   // Safety checks
   if (!canvas) {
-    console.error("[updateTrendChart] Canvas not found in DOM!");
-    _trendChartUpdateLock = false; // Release lock!
+    if (window.UILogger) window.UILogger.debug("[updateTrendChart] Canvas not found in DOM");
+    _trendChartUpdateLock = false;
     return;
   }
   if (typeof Chart === "undefined") {
-    console.error("[updateTrendChart] Chart.js not loaded");
-    _trendChartUpdateLock = false; // Release lock!
+    if (window.UILogger) window.UILogger.warn("[updateTrendChart] Chart.js not loaded");
+    _trendChartUpdateLock = false;
     return;
   }
-  console.log("[updateTrendChart] Canvas element:", {
+  if (window.UILogger) window.UILogger.debug("[updateTrendChart] Canvas element:", {
     exists: !!canvas,
     isConnected: canvas.isConnected,
     width: canvas.offsetWidth,
@@ -378,7 +379,7 @@ window.DashboardCharts.updateTrendChart = function (component) {
   });
   if (!isCanvasReady(canvas)) {
-    console.error("[updateTrendChart] Canvas not ready!", {
+    if (window.UILogger) window.UILogger.debug("[updateTrendChart] Canvas not ready", {
       isConnected: canvas.isConnected,
       width: canvas.offsetWidth,
       height: canvas.offsetHeight,
@@ -394,17 +395,17 @@ window.DashboardCharts.updateTrendChart = function (component) {
       ctx.clearRect(0, 0, canvas.width, canvas.height);
     }
   } catch (e) {
-    console.warn("[updateTrendChart] Failed to clear canvas:", e);
+    if (window.UILogger) window.UILogger.debug("[updateTrendChart] Failed to clear canvas:", e.message);
   }
-  console.log(
+  if (window.UILogger) window.UILogger.debug(
     "[updateTrendChart] Canvas is ready, proceeding with chart creation"
   );
   // Use filtered history data based on time range
   const history = window.DashboardFilters.getFilteredHistoryData(component);
   if (!history || Object.keys(history).length === 0) {
-    console.warn("No history data available for trend chart (after filtering)");
+    if (window.UILogger) window.UILogger.debug("No history data available for trend chart (after filtering)");
     component.hasFilteredTrendData = false;
     _trendChartUpdateLock = false;
     return;

package/public/js/components/dashboard/filters.js CHANGED Viewed

@@ -50,7 +50,7 @@ window.DashboardFilters.loadPreferences = function(component) {
             component.selectedModels = prefs.selectedModels || {};
         }
     } catch (e) {
-        console.error('Failed to load dashboard preferences:', e);
+        if (window.UILogger) window.UILogger.debug('Failed to load dashboard preferences:', e.message);
     }
 };
@@ -67,7 +67,7 @@ window.DashboardFilters.savePreferences = function(component) {
             selectedModels: component.selectedModels
         }));
     } catch (e) {
-        console.error('Failed to save dashboard preferences:', e);
+        if (window.UILogger) window.UILogger.debug('Failed to save dashboard preferences:', e.message);
     }
 };

package/public/js/components/logs-viewer.js CHANGED Viewed

@@ -79,12 +79,12 @@ window.Components.logsViewer = () => ({
                     this.$nextTick(() => this.scrollToBottom());
                 }
             } catch (e) {
-                console.error('Log parse error:', e);
+                if (window.UILogger) window.UILogger.debug('Log parse error:', e.message);
             }
         };
         this.eventSource.onerror = () => {
-            console.warn('Log stream disconnected, reconnecting...');
+            if (window.UILogger) window.UILogger.debug('Log stream disconnected, reconnecting...');
             setTimeout(() => this.startLogStream(), 3000);
         };
     },

package/public/js/data-store.js CHANGED Viewed

@@ -55,7 +55,7 @@ document.addEventListener('alpine:init', () => {
                     // Check TTL
                     if (data.timestamp && (Date.now() - data.timestamp > CACHE_TTL)) {
-                        console.log('Cache expired, skipping restoration');
+                        if (window.UILogger) window.UILogger.debug('Cache expired, skipping restoration');
                         localStorage.removeItem('ag_data_cache');
                         return;
                     }
@@ -70,11 +70,11 @@ document.addEventListener('alpine:init', () => {
                         // Don't show loading on initial load if we have cache
                         this.initialLoad = false;
                         this.computeQuotaRows();
-                        console.log('Restored data from cache');
+                        if (window.UILogger) window.UILogger.debug('Restored data from cache');
                     }
                 }
             } catch (e) {
-                console.warn('Failed to load cache', e);
+                if (window.UILogger) window.UILogger.debug('Failed to load cache', e.message);
             }
         },
@@ -89,7 +89,7 @@ document.addEventListener('alpine:init', () => {
                 };
                 localStorage.setItem('ag_data_cache', JSON.stringify(cacheData));
             } catch (e) {
-                console.warn('Failed to save cache', e);
+                if (window.UILogger) window.UILogger.debug('Failed to save cache', e.message);
             }
         },
@@ -127,6 +127,7 @@ document.addEventListener('alpine:init', () => {
                 this.lastUpdated = new Date().toLocaleTimeString();
             } catch (error) {
+                // Keep error logging for actual fetch failures
                 console.error('Fetch error:', error);
                 const store = Alpine.store('global');
                 store.showToast(store.t('connectionLost'), 'error');
@@ -237,6 +238,7 @@ document.addEventListener('alpine:init', () => {
                 let minResetTime = null;
                 this.accounts.forEach(acc => {
+                    if (acc.enabled === false) return;
                     if (this.filters.account !== 'all' && acc.email !== this.filters.account) return;
                     const limit = acc.limits?.[modelId];
@@ -352,6 +354,7 @@ document.addEventListener('alpine:init', () => {
                 const quotaInfo = [];
                 // Use ALL accounts (no account filter)
                 this.accounts.forEach(acc => {
+                    if (acc.enabled === false) return;
                     const limit = acc.limits?.[modelId];
                     if (!limit) return;
                     const pct = limit.remainingFraction !== null ? Math.round(limit.remainingFraction * 100) : 0;

package/public/js/utils/ui-logger.js ADDED Viewed

@@ -0,0 +1,143 @@
+/**
+ * UI Logger Utility
+ * Provides conditional logging for the web UI to reduce console spam in production.
+ * Wraps console methods and only outputs when debug mode is enabled.
+ *
+ * Usage:
+ *   window.UILogger.debug('message')  - Only logs if debug mode enabled
+ *   window.UILogger.info('message')   - Only logs if debug mode enabled
+ *   window.UILogger.warn('message')   - Always logs (important warnings)
+ *   window.UILogger.error('message')  - Always logs (errors should always be visible)
+ *
+ * Enable debug mode:
+ *   - Set localStorage.setItem('ag_debug', 'true') in browser console
+ *   - Or pass ?debug=true in URL
+ */
+(function() {
+    'use strict';
+    // Check if debug mode is enabled
+    function isDebugEnabled() {
+        // Check URL parameter
+        const urlParams = new URLSearchParams(window.location.search);
+        if (urlParams.get('debug') === 'true') {
+            return true;
+        }
+        // Check localStorage
+        try {
+            return localStorage.getItem('ag_debug') === 'true';
+        } catch (e) {
+            return false;
+        }
+    }
+    // Cache debug state (can be refreshed)
+    let debugEnabled = isDebugEnabled();
+    window.UILogger = {
+        /**
+         * Refresh debug state (call after changing localStorage)
+         */
+        refresh() {
+            debugEnabled = isDebugEnabled();
+        },
+        /**
+         * Enable debug mode
+         */
+        enableDebug() {
+            try {
+                localStorage.setItem('ag_debug', 'true');
+                debugEnabled = true;
+                console.info('[UILogger] Debug mode enabled. Refresh page to see all logs.');
+            } catch (e) {
+                console.warn('[UILogger] Could not save debug preference');
+            }
+        },
+        /**
+         * Disable debug mode
+         */
+        disableDebug() {
+            try {
+                localStorage.removeItem('ag_debug');
+                debugEnabled = false;
+                console.info('[UILogger] Debug mode disabled.');
+            } catch (e) {
+                // Ignore
+            }
+        },
+        /**
+         * Check if debug mode is enabled
+         * @returns {boolean}
+         */
+        isDebug() {
+            return debugEnabled;
+        },
+        /**
+         * Debug level - only logs if debug mode enabled
+         * Use for verbose debugging info (chart updates, cache operations, etc.)
+         */
+        debug(...args) {
+            if (debugEnabled) {
+                console.log('[DEBUG]', ...args);
+            }
+        },
+        /**
+         * Info level - only logs if debug mode enabled
+         * Use for informational messages that aren't errors
+         */
+        info(...args) {
+            if (debugEnabled) {
+                console.info('[INFO]', ...args);
+            }
+        },
+        /**
+         * Log level - alias for debug
+         */
+        log(...args) {
+            if (debugEnabled) {
+                console.log(...args);
+            }
+        },
+        /**
+         * Warn level - always logs
+         * Use for important warnings that users should see
+         * But suppress noisy/expected warnings unless in debug mode
+         */
+        warn(...args) {
+            // In production, only show critical warnings
+            // In debug mode, show all warnings
+            if (debugEnabled) {
+                console.warn(...args);
+            }
+        },
+        /**
+         * Warn level that always shows (for critical warnings)
+         */
+        warnAlways(...args) {
+            console.warn(...args);
+        },
+        /**
+         * Error level - always logs
+         * Errors should always be visible for debugging
+         */
+        error(...args) {
+            console.error(...args);
+        }
+    };
+    // Log initial state (only in debug mode)
+    if (debugEnabled) {
+        console.info('[UILogger] Debug mode is ON. Set localStorage ag_debug=false to disable.');
+    }
+})();

package/src/auth/oauth.js CHANGED Viewed

@@ -137,22 +137,50 @@ export function extractCodeFromInput(input) {
     return { code: trimmed, state: null };
 }
+/**
+ * Attempt to bind server to a specific port
+ * @param {http.Server} server - HTTP server instance
+ * @param {number} port - Port to bind to
+ * @returns {Promise<number>} Resolves with port on success, rejects on error
+ */
+function tryBindPort(server, port) {
+    return new Promise((resolve, reject) => {
+        const onError = (err) => {
+            server.removeListener('listening', onSuccess);
+            reject(err);
+        };
+        const onSuccess = () => {
+            server.removeListener('error', onError);
+            resolve(port);
+        };
+        server.once('error', onError);
+        server.once('listening', onSuccess);
+        server.listen(port);
+    });
+}
 /**
  * Start a local server to receive the OAuth callback
+ * Implements automatic port fallback for Windows compatibility (issue #176)
  * Returns an object with a promise and an abort function
  *
  * @param {string} expectedState - Expected state parameter for CSRF protection
  * @param {number} timeoutMs - Timeout in milliseconds (default 120000)
- * @returns {{promise: Promise<string>, abort: Function}} Object with promise and abort function
+ * @returns {{promise: Promise<string>, abort: Function, getPort: Function}} Object with promise, abort, and getPort functions
  */
 export function startCallbackServer(expectedState, timeoutMs = 120000) {
     let server = null;
     let timeoutId = null;
     let isAborted = false;
+    let actualPort = OAUTH_CONFIG.callbackPort;
+    const promise = new Promise(async (resolve, reject) => {
+        // Build list of ports to try: primary + fallbacks
+        const portsToTry = [OAUTH_CONFIG.callbackPort, ...(OAUTH_CONFIG.callbackFallbackPorts || [])];
+        const errors = [];
-    const promise = new Promise((resolve, reject) => {
         server = http.createServer((req, res) => {
-            const url = new URL(req.url, `http://localhost:${OAUTH_CONFIG.callbackPort}`);
+            const url = new URL(req.url, `http://localhost:${actualPort}`);
             if (url.pathname !== '/oauth-callback') {
                 res.writeHead(404);
@@ -232,17 +260,60 @@ export function startCallbackServer(expectedState, timeoutMs = 120000) {
             resolve(code);
         });
-        server.on('error', (err) => {
-            if (err.code === 'EADDRINUSE') {
-                reject(new Error(`Port ${OAUTH_CONFIG.callbackPort} is already in use. Close any other OAuth flows and try again.`));
+        // Try ports with fallback logic (issue #176 - Windows EACCES fix)
+        let boundSuccessfully = false;
+        for (const port of portsToTry) {
+            try {
+                await tryBindPort(server, port);
+                actualPort = port;
+                boundSuccessfully = true;
+                if (port !== OAUTH_CONFIG.callbackPort) {
+                    logger.warn(`[OAuth] Primary port ${OAUTH_CONFIG.callbackPort} unavailable, using fallback port ${port}`);
+                } else {
+                    logger.info(`[OAuth] Callback server listening on port ${port}`);
+                }
+                break;
+            } catch (err) {
+                const errMsg = err.code === 'EACCES'
+                    ? `Permission denied on port ${port}`
+                    : err.code === 'EADDRINUSE'
+                    ? `Port ${port} already in use`
+                    : `Failed to bind port ${port}: ${err.message}`;
+                errors.push(errMsg);
+                logger.warn(`[OAuth] ${errMsg}`);
+            }
+        }
+        if (!boundSuccessfully) {
+            // All ports failed - provide helpful error message
+            const isWindows = process.platform === 'win32';
+            let errorMsg = `Failed to start OAuth callback server.\nTried ports: ${portsToTry.join(', ')}\n\nErrors:\n${errors.join('\n')}`;
+            if (isWindows) {
+                errorMsg += `\n
+================== WINDOWS TROUBLESHOOTING ==================
+The default port range may be reserved by Hyper-V/WSL2/Docker.
+Option 1: Use a custom port
+  Set OAUTH_CALLBACK_PORT=3456 in your environment or .env file
+Option 2: Reset Windows NAT (run as Administrator)
+  net stop winnat && net start winnat
+Option 3: Check reserved port ranges
+  netsh interface ipv4 show excludedportrange protocol=tcp
+Option 4: Exclude port from reservation (run as Administrator)
+  netsh int ipv4 add excludedportrange protocol=tcp startport=51121 numberofports=1
+==============================================================`;
             } else {
-                reject(err);
+                errorMsg += `\n\nTry setting a custom port: OAUTH_CALLBACK_PORT=3456`;
             }
-        });
-        server.listen(OAUTH_CONFIG.callbackPort, () => {
-            logger.info(`[OAuth] Callback server listening on port ${OAUTH_CONFIG.callbackPort}`);
-        });
+            reject(new Error(errorMsg));
+            return;
+        }
         // Timeout after specified duration
         timeoutId = setTimeout(() => {
@@ -266,7 +337,10 @@ export function startCallbackServer(expectedState, timeoutMs = 120000) {
         }
     };
-    return { promise, abort };
+    // Get actual port (useful when fallback is used)
+    const getPort = () => actualPort;
+    return { promise, abort, getPort };
 }
 /**

package/src/constants.js CHANGED Viewed

@@ -188,13 +188,19 @@ export function isThinkingModel(modelName) {
 }
 // Google OAuth configuration (from opencode-antigravity-auth)
+// OAuth callback port - configurable via environment variable for Windows compatibility (issue #176)
+// Windows may reserve ports in range 49152-65535 for Hyper-V/WSL2/Docker, causing EACCES errors
+const OAUTH_CALLBACK_PORT = parseInt(process.env.OAUTH_CALLBACK_PORT || '51121', 10);
+const OAUTH_CALLBACK_FALLBACK_PORTS = [51122, 51123, 51124, 51125, 51126];
 export const OAUTH_CONFIG = {
     clientId: '1071006060591-tmhssin2h21lcre235vtolojh4g403ep.apps.googleusercontent.com',
     clientSecret: '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',
     authUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
     tokenUrl: 'https://oauth2.googleapis.com/token',
     userInfoUrl: 'https://www.googleapis.com/oauth2/v1/userinfo',
-    callbackPort: 51121,
+    callbackPort: OAUTH_CALLBACK_PORT,
+    callbackFallbackPorts: OAUTH_CALLBACK_FALLBACK_PORTS,
     scopes: [
         'https://www.googleapis.com/auth/cloud-platform',
         'https://www.googleapis.com/auth/userinfo.email',
@@ -236,7 +242,7 @@ export const DEFAULT_PRESETS = [
             ANTHROPIC_MODEL: 'claude-opus-4-5-thinking',
             ANTHROPIC_DEFAULT_OPUS_MODEL: 'claude-opus-4-5-thinking',
             ANTHROPIC_DEFAULT_SONNET_MODEL: 'claude-sonnet-4-5-thinking',
-            ANTHROPIC_DEFAULT_HAIKU_MODEL: 'gemini-2.5-flash-lite[1m]',
+            ANTHROPIC_DEFAULT_HAIKU_MODEL: 'claude-sonnet-4-5',
             CLAUDE_CODE_SUBAGENT_MODEL: 'claude-sonnet-4-5-thinking',
             ENABLE_EXPERIMENTAL_MCP_CLI: 'true'
         }
@@ -249,7 +255,7 @@ export const DEFAULT_PRESETS = [
             ANTHROPIC_MODEL: 'gemini-3-pro-high[1m]',
             ANTHROPIC_DEFAULT_OPUS_MODEL: 'gemini-3-pro-high[1m]',
             ANTHROPIC_DEFAULT_SONNET_MODEL: 'gemini-3-flash[1m]',
-            ANTHROPIC_DEFAULT_HAIKU_MODEL: 'gemini-2.5-flash-lite[1m]',
+            ANTHROPIC_DEFAULT_HAIKU_MODEL: 'gemini-3-flash[1m]',
             CLAUDE_CODE_SUBAGENT_MODEL: 'gemini-3-flash[1m]',
             ENABLE_EXPERIMENTAL_MCP_CLI: 'true'
         }

package/src/format/request-converter.js CHANGED Viewed

@@ -18,7 +18,8 @@ import {
     hasGeminiHistory,
     hasUnsignedThinkingBlocks,
     needsThinkingRecovery,
-    closeToolLoopForThinking
+    closeToolLoopForThinking,
+    cleanCacheControl
 } from './thinking-utils.js';
 import { logger } from '../utils/logger.js';
@@ -32,7 +33,13 @@ import { logger } from '../utils/logger.js';
  * @returns {Object} Request body for Cloud Code API
  */
 export function convertAnthropicToGoogle(anthropicRequest) {
-    const { messages, system, max_tokens, temperature, top_p, top_k, stop_sequences, tools, tool_choice, thinking } = anthropicRequest;
+    // [CRITICAL FIX] Pre-clean all cache_control fields from messages (Issue #189)
+    // Claude Code CLI sends cache_control on various content blocks, but Cloud Code API
+    // rejects them with "Extra inputs are not permitted". Clean them proactively here
+    // before any other processing, following the pattern from Antigravity-Manager.
+    const messages = cleanCacheControl(anthropicRequest.messages || []);
+    const { system, max_tokens, temperature, top_p, top_k, stop_sequences, tools, tool_choice, thinking } = anthropicRequest;
     const modelName = anthropicRequest.model || '';
     const modelFamily = getModelFamily(modelName);
     const isClaudeModel = modelFamily === 'claude';

package/src/format/thinking-utils.js CHANGED Viewed

@@ -7,6 +7,62 @@ import { MIN_SIGNATURE_LENGTH } from '../constants.js';
 import { getCachedSignatureFamily } from './signature-cache.js';
 import { logger } from '../utils/logger.js';
+// ============================================================================
+// Cache Control Cleaning (Issue #189)
+// ============================================================================
+/**
+ * Remove cache_control fields from all content blocks in messages.
+ * This is a critical fix for Issue #189 where Claude Code CLI sends cache_control
+ * fields that the Cloud Code API rejects with "Extra inputs are not permitted".
+ *
+ * Inspired by Antigravity-Manager's clean_cache_control_from_messages() approach,
+ * this function proactively strips cache_control from ALL block types at the
+ * entry point of the conversion pipeline.
+ *
+ * @param {Array<Object>} messages - Array of messages in Anthropic format
+ * @returns {Array<Object>} Messages with cache_control fields removed
+ */
+export function cleanCacheControl(messages) {
+    if (!Array.isArray(messages)) return messages;
+    let removedCount = 0;
+    const cleaned = messages.map(message => {
+        if (!message || typeof message !== 'object') return message;
+        // Handle string content (no cache_control possible)
+        if (typeof message.content === 'string') return message;
+        // Handle array content
+        if (!Array.isArray(message.content)) return message;
+        const cleanedContent = message.content.map(block => {
+            if (!block || typeof block !== 'object') return block;
+            // Check if cache_control exists before destructuring
+            if (block.cache_control === undefined) return block;
+            // Create a shallow copy without cache_control
+            const { cache_control, ...cleanBlock } = block;
+            removedCount++;
+            return cleanBlock;
+        });
+        return {
+            ...message,
+            content: cleanedContent
+        };
+    });
+    if (removedCount > 0) {
+        logger.debug(`[ThinkingUtils] Removed cache_control from ${removedCount} block(s)`);
+    }
+    return cleaned;
+}
 /**
  * Check if a part is a thinking block
  * @param {Object} part - Content part to check
@@ -104,6 +160,38 @@ function sanitizeAnthropicThinkingBlock(block) {
     return block;
 }
+/**
+ * Sanitize a text block by removing extra fields like cache_control.
+ * Only keeps: type, text
+ * @param {Object} block - Text block to sanitize
+ * @returns {Object} Sanitized text block
+ */
+function sanitizeTextBlock(block) {
+    if (!block || block.type !== 'text') return block;
+    const sanitized = { type: 'text' };
+    if (block.text !== undefined) sanitized.text = block.text;
+    return sanitized;
+}
+/**
+ * Sanitize a tool_use block by removing extra fields like cache_control.
+ * Only keeps: type, id, name, input, thoughtSignature (for Gemini)
+ * @param {Object} block - Tool_use block to sanitize
+ * @returns {Object} Sanitized tool_use block
+ */
+function sanitizeToolUseBlock(block) {
+    if (!block || block.type !== 'tool_use') return block;
+    const sanitized = { type: 'tool_use' };
+    if (block.id !== undefined) sanitized.id = block.id;
+    if (block.name !== undefined) sanitized.name = block.name;
+    if (block.input !== undefined) sanitized.input = block.input;
+    // Preserve thoughtSignature for Gemini models
+    if (block.thoughtSignature !== undefined) sanitized.thoughtSignature = block.thoughtSignature;
+    return sanitized;
+}
 /**
  * Filter content array, keeping only thinking blocks with valid signatures.
  */
@@ -259,11 +347,13 @@ export function reorderAssistantContent(content) {
             // Sanitize thinking blocks to remove cache_control and other extra fields
             thinkingBlocks.push(sanitizeAnthropicThinkingBlock(block));
         } else if (block.type === 'tool_use') {
-            toolUseBlocks.push(block);
+            // Sanitize tool_use blocks to remove cache_control and other extra fields
+            toolUseBlocks.push(sanitizeToolUseBlock(block));
         } else if (block.type === 'text') {
             // Only keep text blocks with meaningful content
             if (block.text && block.text.trim().length > 0) {
-                textBlocks.push(block);
+                // Sanitize text blocks to remove cache_control and other extra fields
+                textBlocks.push(sanitizeTextBlock(block));
             } else {
                 droppedEmptyBlocks++;
             }