clawmoney 0.15.67 → 0.15.69

package/dist/relay/provider.js

@@ -167,6 +167,83 @@ function extractMessageText(content) {
 function messagesToPrompt(messages) {
     return messages.map((m) => extractMessageText(m.content)).join("\n");
 }
+// ── OAuth auto-pause (per-cli_type) ────────────────────────────────────
+//
+// When upstream keeps rejecting our OAuth token (Anthropic 403
+// permission_error, ChatGPT auth failures, etc.), continuing to hammer
+// it wastes buyer requests, surfaces errors the Hub has to failover
+// around, and thrashes the Hub's 5xx ban / unban cycle every time the
+// daemon reconnects. Track consecutive auth-broken errors per cli_type
+// — after AUTH_ERROR_THRESHOLD hits in a row, stop accepting new
+// requests for THAT cli_type until daemon restart. Every successful
+// upstream response resets the counter.
+//
+// Key properties:
+//   - Per cli_type: a broken Claude OAuth doesn't take down Codex or
+//     Gemini on the same daemon, because each has its own counter and
+//     its own disable flag.
+//   - In-memory only: state resets on daemon restart. If the operator
+//     re-authed between restarts, the next request proves the token
+//     works and nothing happens; if they didn't, the counter fills
+//     back up within AUTH_ERROR_THRESHOLD requests and re-disables.
+//   - No WS lifecycle touched: the daemon stays connected to the Hub
+//     so other cli_types still serve. We just refuse to call upstream
+//     for the disabled one, returning a clean error the Hub can use
+//     to ban this provider row (its existing _is_auth_broken_error
+//     pattern catches our "OAuth authentication broken" message).
+//
+// Operator recovery: run `clawmoney login <cli>` (or re-auth the
+// relevant CLI directly — `claude login`, `codex login`, etc.), then
+// `clawmoney relay restart` to reset the counter.
+const AUTH_ERROR_THRESHOLD = 3;
+const consecutiveAuthErrorsByCli = new Map();
+const cliAuthDisabled = new Set();
+const AUTH_BROKEN_PATTERNS = [
+    // Anthropic 403: OAuth authentication is currently not allowed for
+    // this organization. The new prod signal from 2026-04-15 incident.
+    "permission_error",
+    "not allowed for this organization",
+    // Legacy Claude / Anthropic auth failures (also matched by Hub's
+    // _AUTH_BROKEN_PATTERNS, so the two sides agree on classification).
+    "token refresh failed",
+    "invalid_grant",
+    "request not allowed",
+    "oauth refresh",
+    // Generic OAuth HTTP signatures. Catches the one-off 401/403
+    // responses from codex / gemini / antigravity that carry the same
+    // meaning even when the upstream-specific message format differs.
+    "unauthorized",
+];
+function isAuthBrokenError(errMsg) {
+    const lower = errMsg.toLowerCase();
+    return AUTH_BROKEN_PATTERNS.some((p) => lower.includes(p));
+}
+function noteUpstreamAuthError(cliType) {
+    const next = (consecutiveAuthErrorsByCli.get(cliType) ?? 0) + 1;
+    consecutiveAuthErrorsByCli.set(cliType, next);
+    if (next >= AUTH_ERROR_THRESHOLD && !cliAuthDisabled.has(cliType)) {
+        cliAuthDisabled.add(cliType);
+        logger.error("");
+        logger.error(`  ╔══════════════════════════════════════════════════════════════`);
+        logger.error(`  ║ OAuth broken for cli_type='${cliType}' — ${next} consecutive`);
+        logger.error(`  ║ auth-broken responses from upstream. Pausing relay for this`);
+        logger.error(`  ║ cli_type to stop thrashing buyer requests + Hub ban state.`);
+        logger.error(`  ║`);
+        logger.error(`  ║ TO RESUME: re-authenticate your ${cliType} CLI locally, then`);
+        logger.error(`  ║           run 'clawmoney relay restart'.`);
+        logger.error(`  ║`);
+        logger.error(`  ║ Other cli_types on this daemon continue to serve normally.`);
+        logger.error(`  ╚══════════════════════════════════════════════════════════════`);
+        logger.error("");
+    }
+}
+function noteUpstreamSuccess(cliType) {
+    // Successful request → reset the consecutive counter. The disabled
+    // flag is sticky until daemon restart on purpose — we never want to
+    // "heal" mid-run based on a single lucky response, which could be
+    // an upstream glitch rather than a real token refresh.
+    consecutiveAuthErrorsByCli.delete(cliType);
+}
 async function executeRelayRequest(request, config, sendChunk) {
     const { request_id, max_budget_usd } = request;
     const cliType = request.cli_type ?? config.relay.cli_type;
@@ -190,6 +267,21 @@ async function executeRelayRequest(request, config, sendChunk) {
     logger.info(`  │ CLI:    ${cliType} / ${model} (${modeLabel})`);
     logger.info(`  │ Turns:  ${turns}`);
     logger.info(`  │ Prompt: ${String(lastUserMsg).slice(0, 80)}`);
+    // Fast-fail if this cli_type was auto-paused by a run of auth-broken
+    // responses earlier in the session. Returning the error here instead
+    // of calling upstream saves the round-trip and keeps the Hub's ban
+    // pattern triggering (it matches "OAuth authentication" / "auth
+    // broken" in _is_auth_broken_error) so buyer requests go straight to
+    // a healthy provider.
+    if (cliAuthDisabled.has(cliType)) {
+        logger.warn(`  └─ REFUSED: ${cliType} auth paused (restart relay after re-auth)`);
+        return {
+            event: "relay_response",
+            request_id,
+            content: "",
+            error: `OAuth authentication broken for cli_type='${cliType}'. Provider needs to re-authenticate locally and restart the daemon. (permission_error)`,
+        };
+    }
     try {
         const startMs = Date.now();
         let parsed;
@@ -300,6 +392,9 @@ async function executeRelayRequest(request, config, sendChunk) {
         if (fakeModelUsed) {
             logger.warn(`  ! CLAWMONEY_FAKE_MODEL_USED=${fakeModelUsed} — reporting fake model to Hub (test mode)`);
         }
+        // Successful upstream round-trip — reset the auth-error counter for
+        // this cli_type. One good response means the token currently works.
+        noteUpstreamSuccess(cliType);
         return {
             event: "relay_response",
             request_id,
@@ -312,12 +407,22 @@ async function executeRelayRequest(request, config, sendChunk) {
         };
     }
     catch (err) {
-        logger.error(`  └─ ERROR: ${err instanceof Error ? err.message : err}`);
+        const errMsg = err instanceof Error ? err.message : String(err);
+        logger.error(`  └─ ERROR: ${errMsg}`);
+        // If the upstream error looks like a persistent auth failure
+        // (OAuth rejected, token broken, permission_error, etc.), bump
+        // this cli_type's consecutive-auth-error counter. After
+        // AUTH_ERROR_THRESHOLD in a row, future requests for this
+        // cli_type short-circuit at the top of executeRelayRequest until
+        // daemon restart.
+        if (isAuthBrokenError(errMsg)) {
+            noteUpstreamAuthError(cliType);
+        }
         return {
             event: "relay_response",
             request_id,
             content: "",
-            error: err instanceof Error ? err.message : "Unknown execution error",
+            error: errMsg || "Unknown execution error",
         };
     }
 }

package/dist/relay/upstream/claude-api.js

@@ -994,6 +994,56 @@ function mergeBetas(required, clientBeta) {
     }
     return out.join(",");
 }
+// Scan a passthrough body for any `cache_control: {type: "ephemeral",
+// ttl: "1h"}` block across tools / system / messages. The presence of
+// even one 1h block forces us to upgrade our own injected CC marker in
+// system to 1h too, because Anthropic rejects requests where a 1h
+// block appears after any 5m block in the global tools→system→messages
+// ordering (see long comment in ensureClaudeCodeShell).
+//
+// Returns true on the first 1h block found — this is a detect-only
+// walk, not a rewrite. Safe on malformed bodies (returns false).
+function bodyHasExtendedCacheBlock(body) {
+    const isExtendedBlock = (block) => {
+        if (!block || typeof block !== "object")
+            return false;
+        const cc = block
+            .cache_control;
+        if (!cc || typeof cc !== "object")
+            return false;
+        return cc.ttl === "1h";
+    };
+    if (Array.isArray(body.tools)) {
+        for (const t of body.tools) {
+            if (isExtendedBlock(t))
+                return true;
+        }
+    }
+    if (Array.isArray(body.system)) {
+        for (const b of body.system) {
+            if (isExtendedBlock(b))
+                return true;
+        }
+    }
+    if (Array.isArray(body.messages)) {
+        for (const m of body.messages) {
+            if (!m || typeof m !== "object")
+                continue;
+            const content = m.content;
+            // Anthropic messages can carry content either as a string (no
+            // cache_control possible) or as an array of content blocks
+            // (each of which can carry cache_control). Only the array form
+            // matters for this check.
+            if (Array.isArray(content)) {
+                for (const c of content) {
+                    if (isExtendedBlock(c))
+                        return true;
+                }
+            }
+        }
+    }
+    return false;
+}
 // Ensure a passthrough body carries the full Claude Code fingerprint
 // shell that Anthropic's OAuth-endpoint validator expects. Called from
 // doCallClaudeApiPassthrough as the last body-munging step before the
@@ -1057,34 +1107,69 @@ function ensureClaudeCodeShell(body, fingerprint) {
     const firstUserMsg = extractFirstUserMessageText(body.messages);
     const freshHeader = buildClaudeAttributionHeader(firstUserMsg, fingerprint.cc_version, fingerprint.cc_entrypoint);
     // ── Inject CC marker if missing ──
-    // Position: right after the billing header slot (idx 1), or right
-    // after any buyer-prefixed system blocks (at head) if we're also
-    // inserting the billing header.
     //
-    // Anthropic has a hard ordering rule within the system array: any
-    // cache_control block with `ttl="1h"` MUST come before any block with
-    // `ttl="5m"`. Our injected marker uses the default ephemeral TTL
-    // (5m), so if the buyer's original system array contains a 1h block
-    // further down, naively inserting at index 1 puts the 1h block AFTER
-    // our 5m block and Anthropic 400s with
-    //   system.N.cache_control.ttl: a ttl='1h' cache_control block must
-    //   not come after a ttl='5m' cache_control block.
-    // Walk from the end to find the last 1h block; if one exists, drop
-    // the marker immediately after it so the 1h-before-5m invariant
-    // holds. Otherwise fall back to the original "index 1 (or 0)" slot.
+    // Anthropic has a hard GLOBAL ordering rule across the whole request:
+    // within the linear processing order `tools → system → messages`,
+    // any block with `cache_control.ttl="1h"` MUST come before any block
+    // with `ttl="5m"`. Not just within one section — globally. A 5m block
+    // in system comes before any 1h block in messages and that's a 400.
+    //
+    // Our injected CC marker lives in system. Its default TTL is 5m
+    // (what real Claude Code uses). When a buyer request carries any 1h
+    // cache_control block ANYWHERE (their own system, or inside any
+    // message content block, or in tools), naively injecting a 5m marker
+    // in system causes:
+    //   system.N.cache_control.ttl   — when the 1h is in system below us
+    //   messages.N.content.M.cache_control.ttl  — when the 1h is in messages
+    // Anthropic 400s with:
+    //   a ttl='1h' cache_control block must not come after a ttl='5m'
+    //   cache_control block. Note that blocks are processed in the
+    //   following order: `tools`, `system`, `messages`.
+    //
+    // Fix: detect whether the buyer's body touches 1h cache anywhere.
+    // If yes, upgrade our marker's TTL to 1h too — then the whole request
+    // is uniformly 1h from our side, no 1h-after-5m violation possible.
+    // If no, keep the default 5m (matches real Claude Code fingerprint).
+    //
+    // The 1h TTL won't actually materialise extra cost for our marker
+    // because our system block is < 1024 tokens and below Anthropic's
+    // minimum cache token threshold, so neither 5m nor 1h actually
+    // produces a cache write or read. The TTL label is purely a shape
+    // marker that unblocks the ordering validator.
     if (!hasCcMarker) {
+        const buyerUsesExtendedCache = bodyHasExtendedCacheBlock(body);
         const markerBlock = {
             type: "text",
             text: `${CLAUDE_CODE_SYSTEM_PROMPT_LEAD}\n\n${RELAY_INSTRUCTIONS}`,
-            cache_control: { type: "ephemeral" },
+            cache_control: buyerUsesExtendedCache
+                ? { type: "ephemeral", ttl: "1h" }
+                : { type: "ephemeral" },
         };
+        // Insert position inside system:
+        //   - If our marker is 5m: put it AFTER any existing 1h block in
+        //     system so system-internal ordering holds (1h-before-5m).
+        //   - If our marker is 1h: put it BEFORE any existing 5m block in
+        //     system for the same reason (1h-before-5m). No 5m block →
+        //     default slot.
         let insertAt = hasBillingHeaderFirst ? 1 : 0;
-        for (let i = system.length - 1; i >= 0; i--) {
-            const cc = system[i]
-                ?.cache_control;
-            if (cc && typeof cc === "object" && cc.ttl === "1h") {
-                insertAt = i + 1;
-                break;
+        if (buyerUsesExtendedCache) {
+            for (let i = 0; i < system.length; i++) {
+                const cc = system[i]
+                    ?.cache_control;
+                if (cc && typeof cc === "object" && (cc.ttl ?? "5m") === "5m") {
+                    insertAt = i;
+                    break;
+                }
+            }
+        }
+        else {
+            for (let i = system.length - 1; i >= 0; i--) {
+                const cc = system[i]
+                    ?.cache_control;
+                if (cc && typeof cc === "object" && cc.ttl === "1h") {
+                    insertAt = i + 1;
+                    break;
+                }
             }
         }
         system.splice(insertAt, 0, markerBlock);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clawmoney",
-  "version": "0.15.67",
+  "version": "0.15.69",
   "description": "ClawMoney CLI -- Earn rewards with your AI agent",
   "type": "module",
   "bin": {