npm - clawmux - Versions diffs - 0.2.2 → 0.3.0 - Mend

clawmux 0.2.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cli.cjs CHANGED Viewed

@@ -317,7 +317,7 @@ function getLogDir() {
 }
 // src/cli.ts
-var VERSION2 = process.env.npm_package_version ?? "0.2.2";
+var VERSION2 = process.env.npm_package_version ?? "0.3.0";
 var SERVICE_NAME = "clawmux";
 var HELP = `Usage: clawmux <command>

package/dist/index.cjs CHANGED Viewed

@@ -596,7 +596,20 @@ async function readAuthProfiles(agentId, profilesPath) {
         provider: profile.provider ?? key.split(":")[0],
         apiKey: profile.access ?? profile.apiKey,
         token: profile.token
-      }));
+      })).filter((p) => {
+        const token = p.apiKey ?? p.token;
+        if (!token || !token.includes("."))
+          return true;
+        try {
+          const payload = token.split(".")[1];
+          const decoded = JSON.parse(Buffer.from(payload, "base64").toString());
+          if (decoded.exp && decoded.exp * 1000 < Date.now())
+            return false;
+        } catch (_) {
+          return true;
+        }
+        return true;
+      });
     }
     return [];
   } catch (err) {
@@ -1892,6 +1905,98 @@ class OllamaAdapter {
 var ollamaAdapter = new OllamaAdapter;
 registerAdapter(ollamaAdapter);
+// src/utils/aws-sigv4.ts
+var import_node_crypto = require("node:crypto");
+var SERVICE = "bedrock";
+function sha256(data) {
+  return import_node_crypto.createHash("sha256").update(data).digest("hex");
+}
+function hmacSha256(key, data) {
+  return import_node_crypto.createHmac("sha256", key).update(data).digest();
+}
+function hmacSha256Hex(key, data) {
+  return import_node_crypto.createHmac("sha256", key).update(data).digest("hex");
+}
+function awsUriEncode(str) {
+  return encodeURIComponent(str).replace(/!/g, "%21").replace(/'/g, "%27").replace(/\(/g, "%28").replace(/\)/g, "%29").replace(/\*/g, "%2A");
+}
+function buildCanonicalUri(pathname) {
+  if (pathname === "" || pathname === "/")
+    return "/";
+  const segments = pathname.split("/");
+  return segments.map((segment) => segment === "" ? "" : awsUriEncode(awsUriEncode(segment))).join("/");
+}
+function formatDateStamp(date) {
+  return date.toISOString().slice(0, 10).replace(/-/g, "");
+}
+function formatAmzDate(date) {
+  return date.toISOString().replace(/[-:]/g, "").replace(/\.\d{3}/, "");
+}
+function deriveSigningKey(secretKey, dateStamp, region, service) {
+  const kDate = hmacSha256(`AWS4${secretKey}`, dateStamp);
+  const kRegion = hmacSha256(kDate, region);
+  const kService = hmacSha256(kRegion, service);
+  return hmacSha256(kService, "aws4_request");
+}
+function signRequest(request, credentials, now) {
+  const date = now ?? new Date;
+  const dateStamp = formatDateStamp(date);
+  const amzDate = formatAmzDate(date);
+  const url = new URL(request.url);
+  const canonicalUri = buildCanonicalUri(url.pathname);
+  const sortedParams = [...url.searchParams.entries()].sort((a, b) => a[0].localeCompare(b[0]));
+  const canonicalQueryString = sortedParams.map(([k, v]) => `${awsUriEncode(k)}=${awsUriEncode(v)}`).join("&");
+  const payloadHash = sha256(request.body);
+  const headersToSign = {};
+  for (const [k, v] of Object.entries(request.headers)) {
+    headersToSign[k.toLowerCase()] = v.trim();
+  }
+  headersToSign["host"] = url.host;
+  headersToSign["x-amz-date"] = amzDate;
+  headersToSign["x-amz-content-sha256"] = payloadHash;
+  if (credentials.sessionToken) {
+    headersToSign["x-amz-security-token"] = credentials.sessionToken;
+  }
+  const sortedHeaderKeys = Object.keys(headersToSign).sort();
+  const canonicalHeaders = sortedHeaderKeys.map((k) => `${k}:${headersToSign[k]}`).join(`
+`) + `
+`;
+  const signedHeaders = sortedHeaderKeys.join(";");
+  const canonicalRequest = [
+    request.method,
+    canonicalUri,
+    canonicalQueryString,
+    canonicalHeaders,
+    signedHeaders,
+    payloadHash
+  ].join(`
+`);
+  const credentialScope = `${dateStamp}/${credentials.region}/${SERVICE}/aws4_request`;
+  const stringToSign = [
+    "AWS4-HMAC-SHA256",
+    amzDate,
+    credentialScope,
+    sha256(canonicalRequest)
+  ].join(`
+`);
+  const signingKey = deriveSigningKey(credentials.secretAccessKey, dateStamp, credentials.region, SERVICE);
+  const signature = hmacSha256Hex(signingKey, stringToSign);
+  const authorization = `AWS4-HMAC-SHA256 Credential=${credentials.accessKeyId}/${credentialScope}, ` + `SignedHeaders=${signedHeaders}, Signature=${signature}`;
+  const result = {
+    Authorization: authorization,
+    "x-amz-date": amzDate,
+    "x-amz-content-sha256": payloadHash
+  };
+  if (credentials.sessionToken) {
+    result["x-amz-security-token"] = credentials.sessionToken;
+  }
+  return result;
+}
+function extractRegionFromUrl(url) {
+  const match = url.match(/\.([a-z0-9-]+)\.amazonaws\.com/);
+  return match?.[1];
+}
 // src/adapters/bedrock.ts
 function bedrockMessagesToStandard(messages) {
   return messages.map((m) => {
@@ -1988,18 +2093,23 @@ class BedrockAdapter {
         maxTokens: parsed.maxTokens
       };
     }
+    const url = `${baseUrl}/model/${targetModel}/converse-stream`;
+    const body = JSON.stringify(requestBody);
     const headers = {
       "Content-Type": "application/json"
     };
-    if (auth.apiKey) {
+    if (auth.awsAccessKeyId && auth.awsSecretKey && auth.awsRegion) {
+      const sigv4Headers = signRequest({ method: "POST", url, headers, body }, {
+        accessKeyId: auth.awsAccessKeyId,
+        secretAccessKey: auth.awsSecretKey,
+        sessionToken: auth.awsSessionToken,
+        region: auth.awsRegion
+      });
+      Object.assign(headers, sigv4Headers);
+    } else if (auth.apiKey) {
       headers[auth.headerName || "Authorization"] = auth.headerValue || auth.apiKey;
     }
-    return {
-      url: `${baseUrl}/model/${targetModel}/converse-stream`,
-      method: "POST",
-      headers,
-      body: JSON.stringify(requestBody)
-    };
+    return { url, method: "POST", headers, body };
   }
   modifyMessages(rawBody, compressedMessages) {
     return {
@@ -2153,6 +2263,57 @@ ${JSON.stringify({
 var bedrockAdapter = new BedrockAdapter;
 registerAdapter(bedrockAdapter);
+// src/adapters/openai-codex.ts
+class OpenAICodexAdapter {
+  apiType = "openai-codex-responses";
+  parseRequest(body) {
+    return parseOpenAIBody(body);
+  }
+  buildUpstreamRequest(parsed, targetModel, baseUrl, auth) {
+    const { rawBody } = parsed;
+    const upstreamBody = { ...rawBody };
+    upstreamBody.model = targetModel;
+    upstreamBody.stream = true;
+    upstreamBody.store = false;
+    if (!upstreamBody.instructions) {
+      upstreamBody.instructions = upstreamBody.system ?? "You are a helpful assistant.";
+    }
+    delete upstreamBody.system;
+    if (!upstreamBody.input && upstreamBody.messages) {
+      upstreamBody.input = upstreamBody.messages;
+      delete upstreamBody.messages;
+    }
+    delete upstreamBody.max_tokens;
+    delete upstreamBody.max_output_tokens;
+    return {
+      url: `${baseUrl}/codex/responses`,
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${auth.apiKey}`
+      },
+      body: JSON.stringify(upstreamBody)
+    };
+  }
+  modifyMessages(rawBody, compressedMessages) {
+    return openaiResponsesAdapter.modifyMessages(rawBody, compressedMessages);
+  }
+  parseResponse(body) {
+    return openaiResponsesAdapter.parseResponse(body);
+  }
+  buildResponse(parsed) {
+    return openaiResponsesAdapter.buildResponse(parsed);
+  }
+  parseStreamChunk(chunk) {
+    return openaiResponsesAdapter.parseStreamChunk(chunk);
+  }
+  buildStreamChunk(event) {
+    return openaiResponsesAdapter.buildStreamChunk(event);
+  }
+}
+var openaiCodexAdapter = new OpenAICodexAdapter;
+registerAdapter(openaiCodexAdapter);
 // src/compression/compaction-detector.ts
 var COMPACTION_PATTERNS = [
   "merge these partial summaries into a single cohesive summary",
@@ -2726,10 +2887,17 @@ function formatAuth(apiKey, providerConfig) {
     return { apiKey, headerName: "x-goog-api-key", headerValue: apiKey };
   }
   if (api === "bedrock-converse-stream") {
+    const secretKey = process.env.AWS_SECRET_ACCESS_KEY ?? "";
+    const sessionToken = process.env.AWS_SESSION_TOKEN;
+    const region = process.env.AWS_REGION ?? process.env.AWS_DEFAULT_REGION ?? extractRegionFromUrl(providerConfig?.baseUrl ?? "") ?? "us-east-1";
     return {
       apiKey,
       headerName: "Authorization",
-      headerValue: "AWS4-HMAC-SHA256 Credential=placeholder"
+      headerValue: "",
+      awsAccessKeyId: apiKey,
+      awsSecretKey: secretKey,
+      awsSessionToken: sessionToken,
+      awsRegion: region
     };
   }
   return { apiKey, headerName: "Authorization", headerValue: `Bearer ${apiKey}` };
@@ -3282,6 +3450,48 @@ function createCompressionMiddleware(config) {
 // src/proxy/pipeline.ts
 registerAdapter(new AnthropicAdapter);
+async function collectCodexStream(sourceAdapter, response) {
+  const reader = response.body.getReader();
+  const decoder2 = new TextDecoder;
+  let buffer = "";
+  let id = "";
+  let model = "";
+  const textParts = [];
+  let usage;
+  for (;; ) {
+    const { done, value } = await reader.read();
+    if (done)
+      break;
+    buffer += decoder2.decode(value, { stream: true });
+    let idx;
+    while ((idx = buffer.indexOf(`
+`)) !== -1) {
+      const frame = buffer.slice(0, idx);
+      buffer = buffer.slice(idx + 2);
+      if (!frame.trim() || !sourceAdapter.parseStreamChunk)
+        continue;
+      for (const event of sourceAdapter.parseStreamChunk(frame)) {
+        if (event.type === "message_start") {
+          id = event.id ?? "";
+          model = event.model ?? "";
+        } else if (event.type === "content_delta") {
+          textParts.push(event.text ?? "");
+        } else if (event.type === "message_stop" && event.usage) {
+          usage = event.usage;
+        }
+      }
+    }
+  }
+  return {
+    id,
+    model,
+    content: textParts.join(""),
+    role: "assistant",
+    stopReason: "completed",
+    usage
+  };
+}
 function findProviderForModel(modelString, openclawConfig) {
   const providers = openclawConfig.models?.providers;
   if (!providers)
@@ -3365,7 +3575,11 @@ async function handleApiRequest(req, body, apiType, config, openclawConfig, auth
   const authInfo = {
     apiKey: auth.apiKey,
     headerName: auth.headerName,
-    headerValue: auth.headerValue
+    headerValue: auth.headerValue,
+    awsAccessKeyId: auth.awsAccessKeyId,
+    awsSecretKey: auth.awsSecretKey,
+    awsSessionToken: auth.awsSessionToken,
+    awsRegion: auth.awsRegion
   };
   const actualModelId = decision.model.split("/").slice(1).join("/");
   const isCrossProvider = targetApiType !== "" && targetApiType !== apiType;
@@ -3387,6 +3601,18 @@ async function handleApiRequest(req, body, apiType, config, openclawConfig, auth
   if (compressionMiddleware && upstreamResponse.ok) {
     compressionMiddleware.afterResponse(parsed, adapter, baseUrl, authInfo);
   }
+  const isCodexUpstream = targetApiType === "openai-codex-responses";
+  if (isCodexUpstream && upstreamResponse.ok && upstreamResponse.body) {
+    if (effectiveParsed.stream) {
+      return translateResponse(requestAdapter, adapter, upstreamResponse, true);
+    }
+    const collected = await collectCodexStream(requestAdapter, upstreamResponse);
+    const translated = adapter.buildResponse(collected);
+    return new Response(JSON.stringify(translated), {
+      status: 200,
+      headers: { "content-type": "application/json" }
+    });
+  }
   if (targetAdapter && upstreamResponse.ok) {
     return translateResponse(targetAdapter, adapter, upstreamResponse, effectiveParsed.stream);
   }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "clawmux",
-  "version": "0.2.2",
+  "version": "0.3.0",
   "description": "Smart model routing + context compression proxy for OpenClaw",
   "type": "module",
   "bin": {