clawmoney 0.15.8 → 0.15.10

package/dist/relay/upstream/claude-api.js

@@ -937,41 +937,115 @@ function mergeBetas(required, clientBeta) {
     }
     return out.join(",");
 }
-// Rewrite the first system block's x-anthropic-billing-header (if present)
-// so cc_version and FP3 match OUR fingerprint and the buyer's actual
-// first user message. Real Claude Code always emits this block; sub2api's
-// gateway_service.go mirrors it verbatim but rewrites the version to
-// match the account's pinned UA (syncBillingHeaderVersion, gateway_billing_header.go).
+// Ensure a passthrough body carries the full Claude Code fingerprint
+// shell that Anthropic's OAuth-endpoint validator expects. Called from
+// doCallClaudeApiPassthrough as the last body-munging step before the
+// HTTP request goes out.
 //
-// Critical because Anthropic's validator expects cc_version.<FP3> where
-// FP3 is a deterministic hash of (message_chars + cli_version). If we
-// leave the buyer's FP3 in place but their UA was a different version
-// from our pinned UA, the FP3 no longer matches cli_version in the header
-// and the validator rejects the request.
-function syncPassthroughBillingHeader(body, fingerprint) {
-    if (!Array.isArray(body.system))
-        return;
+// The three fingerprint-sensitive fields that MUST be present on every
+// real Claude Code /v1/messages request:
+//
+//   1. system[0] = {type:"text", text:"x-anthropic-billing-header: ..."}
+//      — always the FIRST block. Contains cc_version.<FP3> where FP3 is
+//      SHA256(SALT + chars_from_first_user_msg + cli_version).hex[:3].
+//   2. system[i] = {type:"text", text:"You are a Claude agent, built on
+//      Anthropic's Claude Agent SDK..."} with cache_control ephemeral.
+//      — the template-mode "CC identity marker" that passes the dice-
+//      coefficient validator.
+//   3. thinking: {type, budget_tokens?} — on Claude 4+ models real CLI
+//      always sends this; zero-thinking accounts stand out.
+//   4. tools: array (empty [] is fine) — real CLI always sends the
+//      field, missing means the request shape doesn't match.
+//
+// For real Claude Code / anthropic SDK clients that already send a full
+// body (via /v1/messages passthrough path), every check here no-ops —
+// the body is already in CC shape and we don't touch it.
+//
+// For OpenAI-SDK-style clients going through /v1/chat/completions (the
+// Hub's chat→anthropic converter produces a minimal body), we augment
+// with the missing shell fields so the outbound request is
+// indistinguishable from a real CC request that happens to have a
+// user-provided system prompt and no local tools.
+//
+// All buyer content (messages, their own system text, their own tools,
+// thinking config if they sent one) is preserved.
+function ensureClaudeCodeShell(body, fingerprint) {
+    // ── Normalize system to an array of content blocks ──
+    if (!Array.isArray(body.system)) {
+        if (typeof body.system === "string" && body.system.length > 0) {
+            // String-shaped system (anthropic SDK convenience form) →
+            // wrap in a single text block so we can prepend.
+            body.system = [{ type: "text", text: body.system }];
+        }
+        else {
+            body.system = [];
+        }
+    }
     const system = body.system;
-    if (system.length === 0)
-        return;
+    // ── Detect CC identity marker anywhere in system ──
+    const hasCcMarker = system.some((b) => b &&
+        typeof b === "object" &&
+        b.type === "text" &&
+        typeof b.text === "string" &&
+        b.text.includes(CLAUDE_CODE_SYSTEM_PROMPT_LEAD));
+    // ── Detect billing header in system[0] ──
     const firstBlock = system[0];
-    if (!firstBlock ||
-        typeof firstBlock !== "object" ||
-        firstBlock.type !== "text" ||
-        typeof firstBlock.text !== "string") {
-        return;
+    const hasBillingHeaderFirst = !!firstBlock &&
+        typeof firstBlock === "object" &&
+        firstBlock.type === "text" &&
+        typeof firstBlock.text === "string" &&
+        firstBlock.text.startsWith("x-anthropic-billing-header:");
+    // ── Build the attribution header (always recompute so cc_version + FP3
+    // match OUR fingerprint and the buyer's actual first user message) ──
+    const firstUserMsg = extractFirstUserMessageText(body.messages);
+    const freshHeader = buildClaudeAttributionHeader(firstUserMsg, fingerprint.cc_version, fingerprint.cc_entrypoint);
+    // ── Inject CC marker if missing ──
+    // Position: right after the billing header slot (idx 1), or right
+    // after any buyer-prefixed system blocks (at head) if we're also
+    // inserting the billing header.
+    if (!hasCcMarker) {
+        const markerBlock = {
+            type: "text",
+            text: `${CLAUDE_CODE_SYSTEM_PROMPT_LEAD}\n\n${RELAY_INSTRUCTIONS}`,
+            cache_control: { type: "ephemeral" },
+        };
+        // Insert at index 1 (slot after billing header), or 0 if we'll be
+        // unshifting the billing header next.
+        if (hasBillingHeaderFirst) {
+            system.splice(1, 0, markerBlock);
+        }
+        else {
+            system.unshift(markerBlock);
+        }
     }
-    const currentText = firstBlock.text;
-    if (!currentText.startsWith("x-anthropic-billing-header:")) {
-        // Non-CC client didn't include a billing header — leave system alone.
-        // If we're strict about this we could PREPEND one, but for now we
-        // only touch what exists so non-CC passthrough (e.g. anthropic SDK
-        // direct) works without extra surgery.
-        return;
+    // ── Update or inject billing header at index 0 ──
+    if (hasBillingHeaderFirst) {
+        // Rewrite in place so cc_version reflects OUR fingerprint, not the
+        // buyer's original (which might have been from a different CLI
+        // version than our pinned fingerprint).
+        firstBlock.text = freshHeader;
+    }
+    else {
+        system.unshift({ type: "text", text: freshHeader });
+    }
+    // ── Ensure tools array exists ──
+    if (!Array.isArray(body.tools)) {
+        body.tools = [];
+    }
+    // ── Inject thinking config if missing ──
+    // Real CLI always sends this for Claude 4+ models; zero-thinking
+    // accounts are a relay-farm tell. pickClaudeThinkingConfig picks the
+    // right shape (adaptive for 4-6, enabled-with-budget for 4-5/haiku).
+    if (!body.thinking || typeof body.thinking !== "object") {
+        const rawMaxTokens = typeof body.max_tokens === "number" && body.max_tokens > 0
+            ? body.max_tokens
+            : 4096;
+        const { config, adjustedMaxTokens } = pickClaudeThinkingConfig(body.model ?? "", rawMaxTokens);
+        if (config) {
+            body.thinking = config;
+            body.max_tokens = adjustedMaxTokens;
+        }
     }
-    const firstUserMsg = extractFirstUserMessageText(body.messages);
-    const newHeader = buildClaudeAttributionHeader(firstUserMsg, fingerprint.cc_version, fingerprint.cc_entrypoint);
-    firstBlock.text = newHeader;
 }
 // Walk system text blocks and rewrite third-party identity sentences
 // (OpenCode, etc.) to the Claude Code banner. sub2api does the same thing
@@ -1025,7 +1099,7 @@ async function doCallClaudeApiPassthrough(opts) {
     // Sanitize system: replace third-party identity sentences + sync
     // billing header cc_version to match our pinned CLI version.
     sanitizePassthroughSystemArray(body);
-    syncPassthroughBillingHeader(body, fp);
+    ensureClaudeCodeShell(body, fp);
     // Clamp thinking.budget_tokens to Anthropic's minimum so buyer-chosen
     // small budgets don't 400. If max_tokens < budget_tokens + 1, bump
     // max_tokens too so the request stays valid.

package/dist/relay/upstream/codex-api.js

@@ -77,9 +77,17 @@ const MAX_TRANSIENT_RETRIES = 2;
 // Codex responses on small prompts come back in <10s; we give a generous
 // ceiling to tolerate slow tokens without hanging the daemon forever.
 const WS_OVERALL_TIMEOUT_MS = 180 * 1000;
-// Default relay instructions for Codex. Upstream treats `instructions` as
-// the system prompt. Keep minimal so the buyer's prompt gets full focus.
+// Default instructions for Codex template mode. Template mode flattens
+// messages into a single prompt and drops buyer's tools — the "plain
+// text only" hint aligns model behavior with what template can actually
+// deliver.
 const RELAY_INSTRUCTIONS = "You are a helpful AI assistant operating in relay mode. Respond to the user's message with plain text only. Be concise.";
+// Neutral fallback for Codex passthrough mode when the buyer did NOT
+// supply their own instructions. Unlike the template-mode string, this
+// one does NOT forbid tool use — if the buyer sent a tools array we
+// want the model to use them. Kept intentionally vague so it doesn't
+// bias the model's behavior when the buyer's intent is unspecified.
+const CODEX_PASSTHROUGH_FALLBACK_INSTRUCTIONS = "You are a helpful coding assistant. Use the available tools when appropriate to answer the user.";
 // ── Proxy ──
 //
 // We configure the global undici dispatcher for the OAuth refresh fetch()
@@ -449,6 +457,47 @@ function buildCodexRequestFrame(prompt, model, fingerprint, sessionId, turnMetad
     }
     return frame;
 }
+// Patch a raw ChatGPT WS frame before we forward it to the Hub as SSE.
+// ChatGPT's internal response.completed frames come from a proprietary
+// backend that does NOT populate usage.total_tokens — the Codex CLI Rust
+// parser is strict about this field (stream disconnected before completion:
+// failed to parse ResponseCompleted: missing field `total_tokens`), so we
+// inject it here when we can compute it from input_tokens + output_tokens.
+// Returns the possibly-rewritten frame JSON; on parse/shape error returns
+// the original untouched so a malformed input never turns into a crash.
+function patchCodexFrameForForwarding(raw) {
+    try {
+        const evt = JSON.parse(raw);
+        const type = evt["type"];
+        if (type !== "response.completed" && type !== "response.done") {
+            return raw;
+        }
+        const resp = evt["response"];
+        if (!resp || typeof resp !== "object")
+            return raw;
+        const usage = resp["usage"];
+        if (!usage || typeof usage !== "object")
+            return raw;
+        if (typeof usage["total_tokens"] === "number")
+            return raw;
+        const input = Number(usage["input_tokens"] ?? 0);
+        const output = Number(usage["output_tokens"] ?? 0);
+        usage["total_tokens"] = input + output;
+        // Also ensure the nested *_details objects exist — Codex CLI's
+        // schema checks for them on the response.completed frame.
+        if (!usage["input_tokens_details"] || typeof usage["input_tokens_details"] !== "object") {
+            const cached = Number(usage.cache_read_input_tokens ?? 0);
+            usage["input_tokens_details"] = { cached_tokens: cached };
+        }
+        if (!usage["output_tokens_details"] || typeof usage["output_tokens_details"] !== "object") {
+            usage["output_tokens_details"] = { reasoning_tokens: 0 };
+        }
+        return JSON.stringify(evt);
+    }
+    catch {
+        return raw;
+    }
+}
 function handleFrame(raw, acc) {
     let evt;
     try {
@@ -877,7 +926,10 @@ async function doCallCodexApi(opts) {
                     try {
                         const parsedFrame = JSON.parse(text);
                         const frameType = typeof parsedFrame.type === "string" ? parsedFrame.type : "message";
-                        opts.onRawEvent(`event: ${frameType}\ndata: ${text}\n\n`);
+                        // Inject usage.total_tokens on response.completed frames so
+                        // the end client's strict parser doesn't abort the stream.
+                        const patched = patchCodexFrameForForwarding(text);
+                        opts.onRawEvent(`event: ${frameType}\ndata: ${patched}\n\n`);
                     }
                     catch {
                         // Non-JSON frame — forward as a plain data event.
@@ -1007,10 +1059,13 @@ function buildCodexPassthroughFrame(clientBody, model, fingerprint, sessionId, t
     if (frame.parallel_tool_calls === undefined) {
         frame.parallel_tool_calls = false;
     }
-    // Instructions: if buyer didn't send one, fall back to the template
-    // mode's RELAY_INSTRUCTIONS so the model still has guidance.
+    // Instructions: if buyer didn't send one, fall back to a neutral
+    // tool-friendly default so the model still has guidance while not
+    // forbidding tool use (unlike template mode's RELAY_INSTRUCTIONS,
+    // which says "plain text only" — wrong fit for passthrough where
+    // buyer's tools should actually be used).
     if (typeof frame.instructions !== "string" || !frame.instructions) {
-        frame.instructions = RELAY_INSTRUCTIONS;
+        frame.instructions = CODEX_PASSTHROUGH_FALLBACK_INSTRUCTIONS;
     }
     if (warmup) {
         // Real CLI's prewarm flow: first frame of each turn has generate:false.
@@ -1183,7 +1238,8 @@ async function doCallCodexApiPassthrough(opts) {
                     try {
                         const parsedFrame = JSON.parse(text);
                         const frameType = typeof parsedFrame.type === "string" ? parsedFrame.type : "message";
-                        opts.onRawEvent(`event: ${frameType}\ndata: ${text}\n\n`);
+                        const patched = patchCodexFrameForForwarding(text);
+                        opts.onRawEvent(`event: ${frameType}\ndata: ${patched}\n\n`);
                     }
                     catch {
                         opts.onRawEvent(`event: message\ndata: ${text}\n\n`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clawmoney",
-  "version": "0.15.8",
+  "version": "0.15.10",
   "description": "ClawMoney CLI -- Earn rewards with your AI agent",
   "type": "module",
   "bin": {