copillm 0.2.3 → 0.2.4

package/dist/server/proxy.js

@@ -1,49 +1,13 @@
 import { createServer } from "node:http";
 import { randomUUID } from "node:crypto";
-import { setTimeout as sleep } from "node:timers/promises";
-import { Readable } from "node:stream";
-import { pipeline } from "node:stream/promises";
-import { accountBaseUrl, listModels, listModelsUnion, resolveModelId } from "../models/discovery.js";
-import { CopilotTokenExchangeError, CopilotTokenManagerError } from "../auth/copilotToken.js";
-import { anthropicToOpenAI, openAIToAnthropic, ProtocolTranslationError, stripOneMillionAlias } from "../translation/openaiAnthropic.js";
-import { translateOpenAIStreamToAnthropic, writeAnthropicPrelude } from "../translation/streamingOpenAIToAnthropic.js";
-import { buildCodexCatalog } from "./codexSchema.js";
-import { getGithubUserSummary, GithubUserFetchError } from "./debugInfo.js";
-import { buildAnthropicModelsResponse } from "./anthropicModelsResponse.js";
-import { attachRequestLifecycle, isBenignSocketError, safeEnd, safeSendJson, safeWrite } from "./requestLifecycle.js";
-const COPILOT_HEADERS = {
-    "Content-Type": "application/json",
-    "Copilot-Integration-Id": "vscode-chat",
-    "Editor-Version": "vscode/1.95.0",
-    "Editor-Plugin-Version": "copilot-chat/0.26.7",
-    "User-Agent": "GitHubCopilotChat/0.26.7",
-    "Openai-Intent": "conversation-panel",
-    "X-GitHub-Api-Version": "2025-04-01",
-    "X-VScode-User-Agent-Library-Version": "electron-fetch",
-    // Disable gzip/br on the upstream response. Compressed SSE streams get
-    // buffered at gzip flush boundaries by undici's decoder, which causes
-    // visible "freeze then dump a paragraph" behaviour in Claude Code and
-    // other Anthropic-shape clients. Identity encoding lets each SSE event
-    // flow through immediately.
-    "Accept-Encoding": "identity"
-};
-const HEALTH_REFRESH_THRESHOLD_SECONDS = 60;
-const RETRYABLE_UPSTREAM_STATUSES = new Set([408, 409, 425, 429, 500, 502, 503, 504]);
-const MAX_UPSTREAM_ATTEMPTS = 3;
-const BASE_BACKOFF_MS = 200;
-const DAEMON_STARTED_AT_ISO = new Date().toISOString();
-class JsonRequestParseError extends Error {
-    constructor(message) {
-        super(message);
-        this.name = "JsonRequestParseError";
-    }
-}
-class InvalidRequestShapeError extends Error {
-    constructor(message) {
-        super(message);
-        this.name = "InvalidRequestShapeError";
-    }
-}
+import { attachRequestLifecycle, isBenignSocketError, safeEnd, safeSendJson } from "./requestLifecycle.js";
+import { InvalidRequestShapeError, JsonRequestParseError } from "./errors.js";
+import { ProtocolTranslationError } from "../translation/openaiAnthropic.js";
+import { handleHealthz, handleLivez } from "./routes/health.js";
+import { handleModels } from "./routes/models.js";
+import { handleDebug } from "./routes/debug.js";
+import { handleProxyForward } from "./routes/proxyForward.js";
+import { isLocalRequest, resolveRoute, safePathname } from "./routes/shared.js";
 export async function startProxyServer(input) {
     const debugEnabled = input.debug === true;
     const server = createServer(async (req, res) => {
@@ -63,198 +27,72 @@ export async function startProxyServer(input) {
         });
         try {
             if (!isLocalRequest(req)) {
-                sendJson(res, 403, { error: "non_loopback_request_rejected" });
+                safeSendJson(res, 403, { error: "non_loopback_request_rejected" });
                 return;
             }
             const route = resolveRoute(req.method, req.url);
             if (input.config.requireCallerSecret && route.kind !== "livez" && route.kind !== "healthz") {
                 const auth = req.headers.authorization;
                 if (!input.callerSecret || auth !== `Bearer ${input.callerSecret}`) {
-                    sendJson(res, 401, { error: "invalid_caller_secret" });
+                    safeSendJson(res, 401, { error: "invalid_caller_secret" });
                     return;
                 }
             }
-            if (route.kind === "livez") {
-                sendJson(res, 200, { status: "ok", uptime_seconds: Math.floor(process.uptime()) });
-                return;
-            }
-            if (route.kind === "healthz") {
-                const ttl = input.tokenManager.expiresInSeconds();
-                if (ttl !== null && ttl > HEALTH_REFRESH_THRESHOLD_SECONDS) {
-                    sendJson(res, 200, {
-                        status: "ok",
-                        token_state: "fresh",
-                        refresh_threshold_seconds: HEALTH_REFRESH_THRESHOLD_SECONDS,
-                        bearer_ttl_seconds: ttl
-                    });
+            switch (route.kind) {
+                case "livez":
+                    handleLivez(res);
                     return;
-                }
-                try {
-                    await input.tokenManager.ensureToken({ refreshThresholdSeconds: HEALTH_REFRESH_THRESHOLD_SECONDS });
-                    const refreshedTtl = input.tokenManager.expiresInSeconds() ?? 0;
-                    sendJson(res, 200, {
-                        status: "ok",
-                        token_state: "refreshed",
-                        refresh_threshold_seconds: HEALTH_REFRESH_THRESHOLD_SECONDS,
-                        bearer_ttl_seconds: refreshedTtl
-                    });
-                }
-                catch (error) {
-                    const failed = healthFailure(error);
-                    sendJson(res, failed.httpStatus, failed.payload);
-                }
-                return;
-            }
-            if (route.kind === "models" || route.kind === "codex_models" || route.kind === "anthropic_models") {
-                try {
-                    await input.tokenManager.ensureToken(false);
-                    const githubToken = input.githubToken;
-                    if (!githubToken) {
-                        sendJson(res, 503, { error: "github_token_unavailable" });
-                        return;
-                    }
-                    const result = route.kind === "codex_models" || route.kind === "anthropic_models"
-                        ? await listModelsUnion(input.config.accountType, githubToken, 3)
-                        : await listModels(input.config.accountType, githubToken);
-                    if (route.kind === "codex_models") {
-                        sendJson(res, 200, buildCodexCatalog(result.models));
-                        return;
-                    }
-                    if (route.kind === "anthropic_models") {
-                        sendJson(res, 200, buildAnthropicModelsResponse(result.models));
-                        return;
-                    }
-                    sendJson(res, 200, {
-                        models: result.models,
-                        discovery: {
-                            source: result.source,
-                            stale: result.stale,
-                            cache_age_seconds: result.cacheAgeSeconds,
-                            warning: result.warning
-                        }
-                    });
-                }
-                catch (error) {
-                    if (error instanceof CopilotTokenManagerError) {
-                        sendJson(res, 503, { error: "token_refresh_failed" });
-                        return;
-                    }
-                    throw error;
-                }
-                return;
-            }
-            if (route.kind === "debug") {
-                if (!debugEnabled) {
-                    sendJson(res, 404, { error: "not_found" });
+                case "healthz":
+                    await handleHealthz(res, input.tokenManager);
                     return;
-                }
-                await handleDebug(res, {
-                    config: input.config,
-                    logger: input.logger,
-                    tokenManager: input.tokenManager,
-                    githubToken: input.githubToken,
-                    port: input.port
-                });
-                return;
-            }
-            if (route.kind === "not_found") {
-                sendJson(res, 404, { error: "not_found" });
-                return;
-            }
-            const requestBody = await readJson(req);
-            const translatedBody = translateRequestBody(route.kind, requestBody);
-            const requestedModel = readRequestedModel(translatedBody);
-            if (input.config.selectedModels.length > 0 && !requestedModel) {
-                sendJson(res, 400, {
-                    error: "model_not_selected",
-                    detail: "Requested model is not enabled in local selection."
-                });
-                return;
-            }
-            let resolvedModel = null;
-            try {
-                resolvedModel = requestedModel ? resolveModelId(requestedModel, input.config.selectedModels) : null;
-            }
-            catch (error) {
-                const detail = error instanceof Error ? error.message : "Model resolution failed.";
-                sendJson(res, 400, { error: "ambiguous_model_selection", detail });
-                return;
-            }
-            if (input.config.selectedModels.length > 0 && !resolvedModel) {
-                sendJson(res, 400, {
-                    error: "model_not_selected",
-                    detail: "Requested model is not enabled in local selection."
-                });
-                return;
-            }
-            const upstreamBody = resolvedModel ? rewriteRequestedModel(translatedBody, resolvedModel.id) : translatedBody;
-            const upstreamPath = route.kind === "codex_responses" ? "/responses" : "/chat/completions";
-            const isAnthropicStreaming = route.anthroShape && isStreamingRequestBody(translatedBody);
-            let prelude = null;
-            if (isAnthropicStreaming) {
-                beginAnthropicSseResponse(res, req);
-                prelude = writeAnthropicPrelude(res, requestedModel ?? "");
-            }
-            input.logger.debug({
-                event: "request_prepared",
-                request_id: requestId,
-                route: route.kind,
-                anthro_shape: route.anthroShape,
-                requested_model: requestedModel,
-                upstream_model: readRequestedModel(upstreamBody),
-                model_resolution_rule: resolvedModel?.rule ?? null,
-                upstream_path: upstreamPath,
-                ...summarizeUpstreamPayload(upstreamBody)
-            }, "prepared upstream request");
-            try {
-                const upstream = await postToCopilot({
-                    tokenManager: input.tokenManager,
-                    accountType: input.config.accountType,
-                    body: upstreamBody,
-                    requestId,
-                    logger: input.logger,
-                    upstreamPath,
-                    signal: lifecycle.signal
-                });
-                await forwardResponse(upstream, route.anthroShape, res, {
-                    requestedModel: requestedModel ?? undefined,
-                    prelude,
-                    logger: input.logger,
-                    requestId
-                });
-            }
-            catch (error) {
-                if (isBenignSocketError(error)) {
-                    input.logger.debug({ event: "upstream_aborted", request_id: requestId, err: error }, "upstream request aborted (client disconnected)");
-                    safeEnd(res);
+                case "models":
+                case "codex_models":
+                case "anthropic_models":
+                    await handleModels(res, route.kind, input.config, input.tokenManager, input.githubToken);
                     return;
-                }
-                if (error instanceof CopilotTokenManagerError) {
-                    if (prelude) {
-                        writeAnthropicSseError(res, prelude, "token_refresh_failed");
+                case "debug":
+                    if (!debugEnabled) {
+                        safeSendJson(res, 404, { error: "not_found" });
                         return;
                     }
-                    sendJson(res, 503, { error: "token_refresh_failed" });
+                    await handleDebug(res, {
+                        config: input.config,
+                        logger: input.logger,
+                        tokenManager: input.tokenManager,
+                        githubToken: input.githubToken,
+                        port: input.port
+                    });
                     return;
-                }
-                if (prelude) {
-                    writeAnthropicSseError(res, prelude, "internal_error");
+                case "not_found":
+                    safeSendJson(res, 404, { error: "not_found" });
+                    return;
+                case "openai":
+                case "anthropic":
+                case "codex_responses":
+                    await handleProxyForward({
+                        req,
+                        res,
+                        route,
+                        config: input.config,
+                        tokenManager: input.tokenManager,
+                        logger: input.logger,
+                        requestId,
+                        signal: lifecycle.signal
+                    });
                     return;
-                }
-                throw error;
             }
         }
         catch (error) {
             if (error instanceof JsonRequestParseError) {
-                sendJson(res, 400, { error: "invalid_request_json", detail: error.message });
+                safeSendJson(res, 400, { error: "invalid_request_json", detail: error.message });
                 return;
             }
             if (error instanceof InvalidRequestShapeError) {
-                sendJson(res, 400, { error: "invalid_request_shape", detail: error.message });
+                safeSendJson(res, 400, { error: "invalid_request_shape", detail: error.message });
                 return;
             }
             if (error instanceof ProtocolTranslationError) {
-                sendJson(res, 400, { error: error.code, detail: error.message });
+                safeSendJson(res, 400, { error: error.code, detail: error.message });
                 return;
             }
             if (isBenignSocketError(error)) {
@@ -263,7 +101,7 @@ export async function startProxyServer(input) {
                 return;
             }
             input.logger.error({ err: error, request_id: requestId }, "request failed");
-            sendJson(res, 500, { error: "internal_error" });
+            safeSendJson(res, 500, { error: "internal_error" });
             safeEnd(res);
         }
     });
@@ -300,677 +138,4 @@ export async function startProxyServer(input) {
         })
     };
 }
-async function postToCopilot(input) {
-    let forceRefresh = false;
-    let authRefreshRetried = false;
-    for (let attempt = 1; attempt <= MAX_UPSTREAM_ATTEMPTS; attempt += 1) {
-        if (input.signal?.aborted) {
-            throw abortErrorFromSignal(input.signal);
-        }
-        try {
-            const attemptStartedAt = Date.now();
-            input.logger.debug({
-                event: "upstream_request",
-                request_id: input.requestId,
-                attempt,
-                upstream_path: input.upstreamPath,
-                force_refresh: forceRefresh
-            }, "posting upstream request");
-            const response = await postWithCurrentBearer(input.tokenManager, input.accountType, input.body, forceRefresh, input.requestId, input.upstreamPath, input.signal);
-            input.logger.debug({
-                event: "upstream_response",
-                request_id: input.requestId,
-                attempt,
-                upstream_path: input.upstreamPath,
-                status_code: response.status,
-                duration_ms: Date.now() - attemptStartedAt,
-                content_type: response.headers.get("content-type"),
-                retry_after: response.headers.get("retry-after")
-            }, "received upstream response");
-            forceRefresh = false;
-            if (response.status === 401 && !authRefreshRetried && attempt < MAX_UPSTREAM_ATTEMPTS) {
-                authRefreshRetried = true;
-                forceRefresh = true;
-                input.logger.warn({ event: "upstream_retry", request_id: input.requestId, attempt, reason: "upstream_auth_401" }, "retrying upstream request after forced token refresh");
-                await discardUpstreamBody(response);
-                continue;
-            }
-            if (isRetryableStatus(response.status) && attempt < MAX_UPSTREAM_ATTEMPTS) {
-                input.logger.warn({ event: "upstream_retry", request_id: input.requestId, attempt, status_code: response.status }, "retrying upstream request");
-                await discardUpstreamBody(response);
-                await sleep(retryDelayMs(attempt));
-                continue;
-            }
-            return response;
-        }
-        catch (error) {
-            if (isBenignSocketError(error)) {
-                // Client disconnected — propagate so the request handler can clean up.
-                throw error;
-            }
-            if (!isRetryableTransportError(error) || attempt >= MAX_UPSTREAM_ATTEMPTS) {
-                throw error;
-            }
-            input.logger.warn({ event: "upstream_retry", request_id: input.requestId, attempt, reason: "transport_error" }, "retrying upstream request after transport error");
-            await sleep(retryDelayMs(attempt));
-        }
-    }
-    throw new Error("Upstream retry budget exhausted unexpectedly.");
-}
-async function postWithCurrentBearer(tokenManager, accountType, body, forceRefresh, requestId, upstreamPath, signal) {
-    const bearer = await tokenManager.ensureToken({ forceRefresh });
-    return fetch(`${accountBaseUrl(accountType)}${upstreamPath}`, {
-        method: "POST",
-        headers: {
-            ...COPILOT_HEADERS,
-            Authorization: `Bearer ${bearer}`,
-            "X-Request-Id": requestId
-        },
-        body: JSON.stringify(body),
-        signal
-    });
-}
-function abortErrorFromSignal(signal) {
-    const reason = signal.reason;
-    if (reason instanceof Error) {
-        return reason;
-    }
-    const err = new Error("Request aborted by client");
-    err.name = "AbortError";
-    return err;
-}
-async function forwardResponse(upstream, anthroShape, res, diagnostics) {
-    if (!upstream.ok) {
-        const upstreamError = await readUpstreamError(upstream);
-        const category = upstreamStatusCategory(upstream.status);
-        diagnostics.logger.warn({
-            event: "upstream_non_ok",
-            request_id: diagnostics.requestId,
-            status_code: upstream.status,
-            error: category,
-            upstream_content_type: upstreamError.contentType,
-            upstream_error_code: upstreamError.code,
-            upstream_error_type: upstreamError.type,
-            upstream_error_message: upstreamError.message,
-            upstream_response_bytes: upstreamError.responseBytes
-        }, "upstream request failed");
-        const message = formatUpstreamErrorMessage(category, upstreamError);
-        const prelude = diagnostics.prelude ?? null;
-        if (prelude) {
-            writeAnthropicSseError(res, prelude, message);
-            return;
-        }
-        sendJson(res, upstream.status, buildUpstreamErrorPayload(category, upstream.status, diagnostics.requestId, upstreamError, anthroShape));
-        return;
-    }
-    if (isEventStream(upstream)) {
-        if (anthroShape) {
-            if (!upstream.body) {
-                if (diagnostics.prelude) {
-                    writeAnthropicSseError(res, diagnostics.prelude, "invalid_upstream_response");
-                    return;
-                }
-                sendJson(res, 502, { error: "invalid_upstream_response", detail: "Upstream stream body is missing." });
-                return;
-            }
-            if (!diagnostics.prelude) {
-                beginAnthropicSseResponse(res);
-            }
-            const upstreamReadable = Readable.fromWeb(upstream.body);
-            await translateOpenAIStreamToAnthropic({
-                upstream: upstreamReadable,
-                downstream: res,
-                fallbackModel: diagnostics.requestedModel,
-                preEmittedMessageId: diagnostics.prelude?.messageId
-            });
-            return;
-        }
-        await pipeEventStream(upstream, res);
-        return;
-    }
-    if (diagnostics.prelude) {
-        writeAnthropicSseError(res, diagnostics.prelude, "invalid_upstream_response");
-        return;
-    }
-    let json;
-    try {
-        json = (await upstream.json());
-    }
-    catch {
-        sendJson(res, 502, { error: "invalid_upstream_response" });
-        return;
-    }
-    let payload = json;
-    if (anthroShape) {
-        try {
-            payload = openAIToAnthropic(json);
-        }
-        catch (error) {
-            if (error instanceof ProtocolTranslationError) {
-                sendJson(res, 502, { error: error.code, detail: error.message });
-                return;
-            }
-            throw error;
-        }
-    }
-    sendJson(res, 200, payload);
-}
-async function pipeEventStream(upstream, res) {
-    if (!upstream.body) {
-        sendJson(res, 502, { error: "invalid_upstream_response", detail: "Upstream stream body is missing." });
-        return;
-    }
-    res.statusCode = upstream.status;
-    res.setHeader("Content-Type", "text/event-stream");
-    const cacheControl = upstream.headers.get("cache-control");
-    if (cacheControl) {
-        res.setHeader("Cache-Control", cacheControl);
-    }
-    else {
-        res.setHeader("Cache-Control", "no-cache");
-    }
-    const connection = upstream.headers.get("connection");
-    if (connection) {
-        res.setHeader("Connection", connection);
-    }
-    else {
-        res.setHeader("Connection", "keep-alive");
-    }
-    res.setHeader("X-Accel-Buffering", "no");
-    if (typeof res.flushHeaders === "function") {
-        res.flushHeaders();
-    }
-    if (res.socket && typeof res.socket.setNoDelay === "function") {
-        res.socket.setNoDelay(true);
-    }
-    try {
-        await pipeline(Readable.fromWeb(upstream.body), res);
-    }
-    catch (error) {
-        if (isBenignSocketError(error)) {
-            // Client went away mid-stream — normal for SSE consumers (Codex,
-            // Claude Code, pi) that cancel pending responses on user input.
-            return;
-        }
-        throw error;
-    }
-}
-function isEventStream(upstream) {
-    const contentType = upstream.headers.get("content-type");
-    return typeof contentType === "string" && contentType.toLowerCase().includes("text/event-stream");
-}
-function isStreamingRequestBody(body) {
-    return typeof body === "object" && body !== null && body.stream === true;
-}
-function beginAnthropicSseResponse(res, req) {
-    if (res.headersSent) {
-        return;
-    }
-    res.statusCode = 200;
-    res.setHeader("Content-Type", "text/event-stream");
-    res.setHeader("Cache-Control", "no-cache");
-    res.setHeader("Connection", "keep-alive");
-    res.setHeader("X-Accel-Buffering", "no");
-    if (typeof res.flushHeaders === "function") {
-        res.flushHeaders();
-    }
-    const socket = res.socket ?? req?.socket;
-    if (socket && typeof socket.setNoDelay === "function") {
-        socket.setNoDelay(true);
-    }
-}
-export function writeAnthropicSseError(res, prelude, code) {
-    void prelude;
-    try {
-        safeWrite(res, `event: message_delta\ndata: ${JSON.stringify({
-            type: "message_delta",
-            delta: { stop_reason: "end_turn", stop_sequence: null },
-            usage: { input_tokens: 0, output_tokens: 0, cache_read_input_tokens: 0 }
-        })}\n\n`);
-        safeWrite(res, `event: error\ndata: ${JSON.stringify({ type: "error", error: { type: "api_error", message: code } })}\n\n`);
-        safeWrite(res, `event: message_stop\ndata: ${JSON.stringify({ type: "message_stop" })}\n\n`);
-    }
-    finally {
-        safeEnd(res);
-    }
-}
-function isLocalRequest(req) {
-    const remote = req.socket.remoteAddress ?? "";
-    const local = req.socket.localAddress ?? "";
-    return isLoopbackAddress(remote) && (local.length === 0 || isLoopbackAddress(local));
-}
-function isLoopbackAddress(value) {
-    return value === "127.0.0.1" || value === "::1" || value === "::ffff:127.0.0.1";
-}
-async function readJson(req) {
-    const chunks = [];
-    for await (const chunk of req) {
-        chunks.push(typeof chunk === "string" ? Buffer.from(chunk) : chunk);
-    }
-    if (chunks.length === 0) {
-        return {};
-    }
-    const text = Buffer.concat(chunks).toString("utf8");
-    try {
-        return JSON.parse(text);
-    }
-    catch (error) {
-        if (error instanceof SyntaxError) {
-            throw new JsonRequestParseError("Failed to parse JSON body.");
-        }
-        throw error;
-    }
-}
-function sendJson(res, status, payload) {
-    safeSendJson(res, status, payload);
-}
-function readRequestedModel(payload) {
-    if (!payload || typeof payload !== "object") {
-        return null;
-    }
-    const maybeModel = payload.model;
-    return typeof maybeModel === "string" ? maybeModel : null;
-}
-function rewriteRequestedModel(payload, model) {
-    if (!payload || typeof payload !== "object" || Array.isArray(payload)) {
-        return payload;
-    }
-    return {
-        ...payload,
-        model
-    };
-}
-function translateRequestBody(routeKind, body) {
-    if (routeKind !== "anthropic") {
-        return normaliseAliasedModelInPlace(body);
-    }
-    try {
-        return anthropicToOpenAI(body);
-    }
-    catch (error) {
-        if (error instanceof Error) {
-            throw new InvalidRequestShapeError(error.message);
-        }
-        throw new InvalidRequestShapeError("Invalid Anthropic request body.");
-    }
-}
-/**
- * Defensive strip of the `[1m]` alias for pass-through routes (OpenAI chat
- * completions, Codex responses). The Anthropic route already strips inside
- * `anthropicToOpenAI`; this catches anything that might land on the
- * pass-through paths with a hand-pasted aliased id so upstream Copilot
- * always receives the canonical model id.
- */
-function normaliseAliasedModelInPlace(body) {
-    if (body && typeof body === "object" && !Array.isArray(body)) {
-        const record = body;
-        if (typeof record.model === "string") {
-            const stripped = stripOneMillionAlias(record.model);
-            if (stripped !== record.model) {
-                record.model = stripped;
-            }
-        }
-    }
-    return body;
-}
-async function handleDebug(res, input) {
-    const bearerTtlSeconds = input.tokenManager.expiresInSeconds();
-    const uptimeSeconds = Math.max(0, Math.floor((Date.now() - Date.parse(DAEMON_STARTED_AT_ISO)) / 1_000));
-    let user = null;
-    let userError = null;
-    if (input.githubToken) {
-        try {
-            const summary = await getGithubUserSummary(input.githubToken);
-            user = {
-                login: summary.login,
-                id: summary.id,
-                type: summary.type
-            };
-        }
-        catch (error) {
-            if (error instanceof GithubUserFetchError) {
-                userError = `github_user_lookup_failed_${error.status}`;
-            }
-            else {
-                userError = error instanceof Error ? error.message : "unknown_error";
-            }
-        }
-    }
-    else {
-        userError = "github_token_unavailable_in_proxy";
-    }
-    sendJson(res, 200, {
-        server: {
-            port: input.port,
-            pid: process.pid,
-            node_version: process.version,
-            started_at_iso: DAEMON_STARTED_AT_ISO,
-            uptime_seconds: uptimeSeconds,
-            account_type: input.config.accountType,
-            selected_models: input.config.selectedModels,
-            require_caller_secret: input.config.requireCallerSecret,
-            log_level: input.logger.level,
-            log_file: process.env.COPILLM_LOG_FILE ?? null
-        },
-        auth: {
-            bearer_ttl_seconds: bearerTtlSeconds,
-            bearer_present: input.tokenManager.current !== null,
-            bearer_expires_at_unix: input.tokenManager.current?.expiresAtUnix ?? null
-        },
-        user,
-        user_error: userError,
-        routes: [
-            "GET /livez",
-            "GET /healthz",
-            "GET /models",
-            "GET /v1/models",
-            "GET /codex/v1/models",
-            "GET /anthropic/v1/models",
-            "POST /codex/v1/responses",
-            "POST /v1/chat/completions",
-            "POST /v1/messages",
-            "POST /anthropic/v1/messages",
-            "GET /_debug"
-        ],
-        debug_enabled: true
-    });
-}
-function resolveRoute(method, rawUrl) {
-    if (!method || !rawUrl) {
-        return { kind: "not_found", anthroShape: false };
-    }
-    let pathname;
-    try {
-        pathname = new URL(rawUrl, "http://127.0.0.1").pathname;
-    }
-    catch {
-        return { kind: "not_found", anthroShape: false };
-    }
-    if (method === "GET" && pathname === "/livez") {
-        return { kind: "livez", anthroShape: false };
-    }
-    if (method === "GET" && pathname === "/healthz") {
-        return { kind: "healthz", anthroShape: false };
-    }
-    if (method === "GET" && (pathname === "/models" || pathname === "/v1/models")) {
-        return { kind: "models", anthroShape: false };
-    }
-    if (method === "GET" && pathname === "/codex/v1/models") {
-        return { kind: "codex_models", anthroShape: false };
-    }
-    if (method === "GET" && pathname === "/anthropic/v1/models") {
-        return { kind: "anthropic_models", anthroShape: false };
-    }
-    if (method === "POST" && pathname === "/codex/v1/responses") {
-        return { kind: "codex_responses", anthroShape: false };
-    }
-    if (method === "GET" && pathname === "/_debug") {
-        return { kind: "debug", anthroShape: false };
-    }
-    if (method === "POST" && pathname === "/v1/chat/completions") {
-        return { kind: "openai", anthroShape: false };
-    }
-    if (method === "POST" && (pathname === "/anthropic/v1/messages" || pathname === "/v1/messages")) {
-        return { kind: "anthropic", anthroShape: true };
-    }
-    return { kind: "not_found", anthroShape: false };
-}
-function isRetryableStatus(status) {
-    return RETRYABLE_UPSTREAM_STATUSES.has(status);
-}
-function retryDelayMs(attempt) {
-    return BASE_BACKOFF_MS * Math.pow(2, Math.max(0, attempt - 1));
-}
-function isRetryableTransportError(error) {
-    if (!error || typeof error !== "object") {
-        return false;
-    }
-    const typedError = error;
-    const directCode = typedError.code?.toUpperCase();
-    const causeCode = typedError.cause?.code?.toUpperCase();
-    if (directCode === "ECONNRESET" || directCode === "ECONNREFUSED" || directCode === "ETIMEDOUT") {
-        return true;
-    }
-    if (causeCode === "ECONNRESET" || causeCode === "ECONNREFUSED" || causeCode === "ETIMEDOUT") {
-        return true;
-    }
-    if (!(typedError instanceof Error)) {
-        return false;
-    }
-    const message = typedError.message.toLowerCase();
-    if (message.includes("timed out") || message.includes("timeout")) {
-        return true;
-    }
-    return message.includes("econnreset") || message.includes("econnrefused") || message.includes("enotfound");
-}
-function upstreamStatusCategory(status) {
-    if (status === 401 || status === 403) {
-        return "upstream_auth_error";
-    }
-    if (status === 429) {
-        return "upstream_rate_limited";
-    }
-    if (status >= 500) {
-        return "upstream_server_error";
-    }
-    if (status >= 400) {
-        return "upstream_request_error";
-    }
-    return "upstream_error";
-}
-async function readUpstreamError(response) {
-    const contentType = response.headers.get("content-type");
-    let text;
-    try {
-        text = await response.text();
-    }
-    catch {
-        return { contentType, code: null, type: null, message: null, responseBytes: null };
-    }
-    const trimmed = text.trim();
-    const responseBytes = Buffer.byteLength(text, "utf8");
-    if (trimmed.length === 0) {
-        return { contentType, code: null, type: null, message: null, responseBytes };
-    }
-    try {
-        const parsed = JSON.parse(trimmed);
-        const extracted = extractErrorFields(parsed);
-        if (extracted.message || extracted.code || extracted.type) {
-            return { contentType, responseBytes, ...extracted };
-        }
-    }
-    catch {
-        // Fall through to a plain-text snippet below.
-    }
-    return {
-        contentType,
-        code: null,
-        type: null,
-        message: truncateForDiagnostics(trimmed),
-        responseBytes
-    };
-}
-function extractErrorFields(payload) {
-    if (!payload || typeof payload !== "object") {
-        return { code: null, type: null, message: typeof payload === "string" ? truncateForDiagnostics(payload) : null };
-    }
-    const record = payload;
-    const nested = record.error;
-    if (typeof nested === "string") {
-        return {
-            code: readStringField(record, "code"),
-            type: readStringField(record, "type"),
-            message: truncateForDiagnostics(nested)
-        };
-    }
-    if (nested && typeof nested === "object") {
-        const errorRecord = nested;
-        return {
-            code: readStringField(errorRecord, "code") ?? readStringField(record, "code"),
-            type: readStringField(errorRecord, "type") ?? readStringField(record, "type"),
-            message: readTruncatedStringField(errorRecord, "message") ??
-                readTruncatedStringField(errorRecord, "detail") ??
-                readTruncatedStringField(record, "message") ??
-                readTruncatedStringField(record, "detail")
-        };
-    }
-    return {
-        code: readStringField(record, "code"),
-        type: readStringField(record, "type"),
-        message: readTruncatedStringField(record, "message") ?? readTruncatedStringField(record, "detail")
-    };
-}
-function buildUpstreamErrorPayload(category, statusCode, requestId, upstreamError, anthroShape) {
-    const code = upstreamError.code ?? category;
-    const type = upstreamError.type ?? category;
-    const message = formatUserFacingUpstreamErrorMessage(category, upstreamError);
-    if (anthroShape) {
-        return {
-            type: "error",
-            error: {
-                type,
-                message,
-                code,
-                upstream_status_code: statusCode,
-                request_id: requestId
-            }
-        };
-    }
-    return {
-        error: {
-            type,
-            code,
-            message,
-            upstream_status_code: statusCode,
-            request_id: requestId
-        }
-    };
-}
-function formatUpstreamErrorMessage(category, upstreamError) {
-    const parts = [upstreamError.code, upstreamError.type, upstreamError.message].filter((part) => typeof part === "string" && part.length > 0);
-    return parts.length > 0 ? `${category}: ${parts.join(": ")}` : category;
-}
-function formatUserFacingUpstreamErrorMessage(category, upstreamError) {
-    if (upstreamError.code && upstreamError.message) {
-        return `${upstreamError.code}: ${upstreamError.message}`;
-    }
-    if (upstreamError.message) {
-        return upstreamError.message;
-    }
-    return upstreamError.code ?? upstreamError.type ?? category;
-}
-function readStringField(record, key) {
-    const value = record[key];
-    return typeof value === "string" && value.length > 0 ? value : null;
-}
-function readTruncatedStringField(record, key) {
-    const value = readStringField(record, key);
-    return value ? truncateForDiagnostics(value) : null;
-}
-function truncateForDiagnostics(value) {
-    const maxChars = 500;
-    return value.length > maxChars ? `${value.slice(0, maxChars)}...` : value;
-}
-function summarizeUpstreamPayload(payload) {
-    let requestBytes = null;
-    try {
-        requestBytes = Buffer.byteLength(JSON.stringify(payload), "utf8");
-    }
-    catch {
-        requestBytes = null;
-    }
-    if (!payload || typeof payload !== "object" || Array.isArray(payload)) {
-        return { upstream_request_bytes: requestBytes };
-    }
-    const record = payload;
-    const messages = Array.isArray(record.messages) ? record.messages : null;
-    const input = Array.isArray(record.input) ? record.input : null;
-    return {
-        upstream_request_bytes: requestBytes,
-        stream: record.stream === true,
-        max_tokens: typeof record.max_tokens === "number" ? record.max_tokens : null,
-        message_count: messages?.length ?? null,
-        input_item_count: input?.length ?? null,
-        tool_count: Array.isArray(record.tools) ? record.tools.length : 0,
-        text_characters: sumTextCharacters(payload)
-    };
-}
-function sumTextCharacters(value) {
-    if (typeof value === "string") {
-        return value.length;
-    }
-    if (!value || typeof value !== "object") {
-        return 0;
-    }
-    if (Array.isArray(value)) {
-        return value.reduce((total, item) => total + sumTextCharacters(item), 0);
-    }
-    let total = 0;
-    const record = value;
-    for (const [key, nested] of Object.entries(record)) {
-        if (key === "text" || key === "content" || key === "arguments" || key === "input") {
-            total += sumTextCharacters(nested);
-        }
-        else if (nested && typeof nested === "object" && key !== "data" && key !== "image_url" && key !== "source") {
-            total += sumTextCharacters(nested);
-        }
-    }
-    return total;
-}
-function healthFailure(error) {
-    if (error instanceof CopilotTokenExchangeError) {
-        if (error.statusCode === 401 || error.statusCode === 403) {
-            return {
-                httpStatus: 401,
-                payload: {
-                    status: "unauthenticated",
-                    error: "github_auth_invalid",
-                    upstream_status_code: error.statusCode
-                }
-            };
-        }
-        return {
-            httpStatus: 503,
-            payload: {
-                status: "upstream_unreachable",
-                error: "token_exchange_failed",
-                upstream_status_code: error.statusCode
-            }
-        };
-    }
-    if (error instanceof CopilotTokenManagerError) {
-        return {
-            httpStatus: 401,
-            payload: {
-                status: "unauthenticated",
-                error: "token_refresh_failed"
-            }
-        };
-    }
-    return {
-        httpStatus: 503,
-        payload: {
-            status: "upstream_unreachable",
-            error: "token_refresh_unavailable"
-        }
-    };
-}
-function safePathname(rawUrl) {
-    if (!rawUrl) {
-        return "/";
-    }
-    try {
-        return new URL(rawUrl, "http://127.0.0.1").pathname;
-    }
-    catch {
-        return "/";
-    }
-}
-async function discardUpstreamBody(response) {
-    try {
-        await response.arrayBuffer();
-    }
-    catch {
-        // ignore body drain failures
-    }
-}
+export { writeAnthropicSseError } from "./errors.js";