npm - copilot-cursor-proxy - Versions diffs - 1.1.1 → 1.2.0 - Mend

copilot-cursor-proxy 1.1.1 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dashboard.html CHANGED Viewed

@@ -374,10 +374,10 @@ tr:hover td { background: var(--bg-hover); }
                 </div>
             </div>
             <div class="card">
-                <div class="card-label">API Key</div>
+                <div class="card-label">API Key (copilot-api)</div>
                 <div class="copy-row">
-                    <div class="card-value mono">dummy</div>
-                    <button class="copy-btn" onclick="copyText('dummy',this)">Copy</button>
+                    <div class="card-value mono" id="upstream-key-display">Loading…</div>
+                    <button class="copy-btn" id="upstream-key-copy-btn" style="display:none" onclick="copyUpstreamKey(this)">Copy</button>
                 </div>
             </div>
             <div class="card" style="grid-column: 1 / -1">
@@ -388,10 +388,32 @@ tr:hover td { background: var(--bg-hover); }
             </div>
         </div>
+        <!-- Upstream (copilot-api) Keys -->
+        <div class="card" style="margin-bottom: 24px;">
+            <div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 16px;">
+                <h3 style="margin: 0; border: none; padding: 0;">Copilot API Keys</h3>
+                <button onclick="handleCreateUpstreamKey()" style="background: var(--accent); color: #000; border: none; padding: 8px 16px; border-radius: 6px; cursor: pointer; font-weight: 600; white-space: nowrap;">+ New Key</button>
+            </div>
+            <p style="color: #888; font-size: 13px; margin-bottom: 12px;">
+                Keys stored in copilot-api's <code style="color:var(--accent)">config.json</code>. The first key is used by the proxy for upstream requests.
+                <br><span style="color:var(--yellow);">Note:</span> New keys require a copilot-api restart to take effect.
+            </p>
+            <div id="newUpstreamKeyAlert" style="display: none; background: #1a2e1a; border: 1px solid #22c55e; border-radius: 8px; padding: 12px; margin-bottom: 16px;">
+                <div style="color: #22c55e; font-weight: 600; margin-bottom: 4px;">Copy this key now — it won't be shown in full again!</div>
+                <div style="display: flex; align-items: center; gap: 8px;">
+                    <code id="newUpstreamKeyValue" style="flex: 1; background: #111; padding: 8px; border-radius: 4px; font-size: 13px; color: #22c55e; word-break: break-all;"></code>
+                    <button onclick="copyText(document.getElementById('newUpstreamKeyValue').textContent, this)" style="background: #333; border: none; color: #fff; padding: 6px 12px; border-radius: 4px; cursor: pointer;">Copy</button>
+                </div>
+            </div>
+            <div id="upstreamKeysList"></div>
+        </div>
         <!-- API Key Management -->
         <div class="card" style="margin-bottom: 24px;">
             <div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 16px;">
-                <h3 style="margin: 0; border: none; padding: 0;">API Key Protection</h3>
+                <h3 style="margin: 0; border: none; padding: 0;">Proxy API Key Protection</h3>
                 <label class="toggle">
                     <input type="checkbox" id="requireKeyToggle" onchange="toggleRequireKey(this.checked)">
                     <span class="toggle-slider"></span>
@@ -617,6 +639,87 @@ async function fetchModels() {
 }
 fetchModels();
+/* ── Tab 1: Upstream (copilot-api) Keys ───────────────────── */
+let fullUpstreamKey = '';
+async function loadUpstreamKeys() {
+    try {
+        const resp = await fetch('/api/upstream-keys');
+        const data = await resp.json();
+        const display = document.getElementById('upstream-key-display');
+        const copyBtn = document.getElementById('upstream-key-copy-btn');
+        if (data.keys && data.keys.length > 0) {
+            display.textContent = data.keys[0];
+            copyBtn.style.display = '';
+        } else {
+            display.textContent = 'No keys configured';
+            display.style.color = 'var(--yellow)';
+        }
+        renderUpstreamKeys(data.keys || []);
+    } catch (e) {
+        document.getElementById('upstream-key-display').textContent = 'Failed to load';
+    }
+}
+function renderUpstreamKeys(maskedKeys) {
+    const list = document.getElementById('upstreamKeysList');
+    if (maskedKeys.length === 0) {
+        list.innerHTML = '<div style="color: #666; font-size: 13px; padding: 12px 0;">No API keys configured. Create one to authenticate with copilot-api.</div>';
+        return;
+    }
+    list.innerHTML = '';
+    maskedKeys.forEach((k, i) => {
+        const row = document.createElement('div');
+        row.style.cssText = 'display: flex; align-items: center; gap: 12px; padding: 10px 0; border-bottom: 1px solid #222;';
+        const badge = i === 0
+            ? '<span style="font-size:11px;padding:2px 8px;border-radius:10px;background:#1a2332;color:var(--accent);margin-left:8px;">Active</span>'
+            : '';
+        row.innerHTML =
+            '<div style="flex: 1; min-width: 0;">' +
+                '<code style="color: #aaa; font-size: 13px;">' + esc(k) + '</code>' + badge +
+            '</div>' +
+            '<button class="copy-btn" title="Copy masked key" onclick="copyText(\'' + esc(k) + '\', this)">Copy</button>' +
+            '<button style="background: none; border: none; color: #666; cursor: pointer; font-size: 16px; padding: 4px 8px;" title="Delete" data-key="' + esc(k) + '">🗑</button>';
+        row.querySelector('button[title="Delete"]').addEventListener('click', function() { handleDeleteUpstreamKey(this.dataset.key); });
+        list.appendChild(row);
+    });
+}
+function copyUpstreamKey(btn) {
+    const display = document.getElementById('upstream-key-display').textContent;
+    copyText(display, btn);
+}
+async function handleCreateUpstreamKey() {
+    try {
+        const resp = await fetch('/api/upstream-keys', { method: 'POST' });
+        const data = await resp.json();
+        if (data.key) {
+            document.getElementById('newUpstreamKeyAlert').style.display = 'block';
+            document.getElementById('newUpstreamKeyValue').textContent = data.key;
+            loadUpstreamKeys();
+        }
+    } catch (e) {
+        alert('Failed to create key: ' + e.message);
+    }
+}
+async function handleDeleteUpstreamKey(maskedKey) {
+    if (!confirm('Delete this copilot-api key?')) return;
+    const prefix = maskedKey.split('...')[0];
+    try {
+        await fetch('/api/upstream-keys/' + encodeURIComponent(prefix), { method: 'DELETE' });
+        document.getElementById('newUpstreamKeyAlert').style.display = 'none';
+        loadUpstreamKeys();
+    } catch (e) {
+        alert('Failed to delete key: ' + e.message);
+    }
+}
+loadUpstreamKeys();
 /* ── Tab 1: API Key Management ─────────────────────────────── */
 let authConfig = { requireApiKey: false, keys: [] };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "copilot-cursor-proxy",
-  "version": "1.1.1",
+  "version": "1.2.0",
   "description": "Proxy that bridges GitHub Copilot API to Cursor IDE — translates Anthropic format, bridges Responses API for GPT 5.x, and more",
   "bin": {
     "copilot-cursor-proxy": "bin/cli.js"
@@ -12,7 +12,7 @@
     "README.md"
   ],
   "scripts": {
-    "build": "bun build start.ts proxy-router.ts anthropic-transforms.ts responses-bridge.ts responses-converters.ts stream-proxy.ts debug-logger.ts auth-config.ts --outdir dist --target node",
+    "build": "bun build start.ts proxy-router.ts anthropic-transforms.ts responses-bridge.ts responses-converters.ts stream-proxy.ts debug-logger.ts auth-config.ts upstream-auth.ts --outdir dist --target node",
     "dev": "bun run start.ts",
     "start": "bun dist/start.js"
   },

package/proxy-router.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { createStreamProxy } from './stream-proxy';
 import { logIncomingRequest, logTransformedRequest } from './debug-logger';
 import { addRequestLog, getNextRequestId, getUsageStats, flushToDisk, type RequestLog } from './usage-db';
 import { loadAuthConfig, saveAuthConfig, generateApiKey, validateApiKey } from './auth-config';
+import { getUpstreamAuthHeader, getUpstreamApiKeys, createUpstreamApiKey, deleteUpstreamApiKey } from './upstream-auth';
 // ── Console capture for SSE streaming ─────────────────────────────────────────
 interface ConsoleLine {
@@ -169,11 +170,40 @@ Bun.serve({
         return Response.json({ ok: true }, { headers: corsHeaders });
     }
+    // ── Upstream (copilot-api) key management ────────────────────────
+    if (url.pathname === "/api/upstream-keys" && req.method === "GET") {
+        const keys = getUpstreamApiKeys();
+        const masked = keys.map(k => k.slice(0, 14) + '...' + k.slice(-4));
+        return Response.json({ keys: masked, count: keys.length }, { headers: corsHeaders });
+    }
+    if (url.pathname === "/api/upstream-keys" && req.method === "POST") {
+        try {
+            const newKey = createUpstreamApiKey();
+            return Response.json({ key: newKey }, { headers: corsHeaders });
+        } catch (e: any) {
+            return Response.json({ error: e?.message || 'Failed to create key' }, { status: 500, headers: corsHeaders });
+        }
+    }
+    if (url.pathname.startsWith("/api/upstream-keys/") && req.method === "DELETE") {
+        const keyPrefix = decodeURIComponent(url.pathname.split('/').pop() || '');
+        const keys = getUpstreamApiKeys();
+        const match = keys.find(k => k.startsWith(keyPrefix) || k.endsWith(keyPrefix));
+        if (match) {
+            deleteUpstreamApiKey(match);
+            return Response.json({ ok: true }, { headers: corsHeaders });
+        }
+        return Response.json({ error: 'Key not found' }, { status: 404, headers: corsHeaders });
+    }
     // ── Dashboard API: model list (bypasses API key auth) ──────────────
     if (url.pathname === "/api/models" && req.method === "GET") {
         try {
             const modelsUrl = new URL('/v1/models', TARGET_URL);
-            const response = await fetch(modelsUrl.toString());
+            const response = await fetch(modelsUrl.toString(), {
+                headers: { 'Authorization': getUpstreamAuthHeader() },
+            });
             const data = await response.json();
             if (data.data && Array.isArray(data.data)) {
                 data.data = data.data.map((model: any) => ({
@@ -243,7 +273,7 @@ Bun.serve({
         const headers = new Headers(req.headers);
         headers.set("host", targetUrl.host);
-        headers.delete("authorization"); // Don't leak proxy API keys upstream
+        headers.set("authorization", getUpstreamAuthHeader());
         const needsResponsesAPI = targetModel.match(/^gpt-5\.[2-9]|^gpt-5\.\d+-codex|^o[1-9]|^goldeneye/i);
@@ -344,7 +374,7 @@ Bun.serve({
       if (req.method === "GET" && url.pathname.includes("/models")) {
         const headers = new Headers(req.headers);
         headers.set("host", targetUrl.host);
-        headers.delete("authorization"); // Don't leak proxy API keys upstream
+        headers.set("authorization", getUpstreamAuthHeader());
         const response = await fetch(targetUrl.toString(), { method: "GET", headers: headers });
         const data = await response.json();
@@ -363,7 +393,7 @@ Bun.serve({
       const headers = new Headers(req.headers);
       headers.set("host", targetUrl.host);
-      headers.delete("authorization"); // Don't leak proxy API keys upstream
+      headers.set("authorization", getUpstreamAuthHeader());
       const response = await fetch(targetUrl.toString(), {
         method: req.method,
         headers: headers,

package/responses-bridge.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { convertResponsesSyncToChatCompletions, convertResponsesStreamToChatCompletions } from './responses-converters';
+import { getUpstreamAuthHeader } from './upstream-auth';
 export interface BridgeResult {
     response: Response;
@@ -101,7 +102,7 @@ export async function handleResponsesAPIBridge(json: any, req: Request, chatId:
     headers.set("host", responsesUrl.host);
     headers.set("content-type", "application/json");
     headers.set("content-length", String(new TextEncoder().encode(responsesBody).length));
-    headers.delete("authorization"); // Don't leak proxy API keys upstream
+    headers.set("authorization", getUpstreamAuthHeader());
     const response = await fetch(responsesUrl.toString(), {
         method: "POST",

package/start.ts CHANGED Viewed

@@ -6,6 +6,7 @@
 import { spawn, sleep } from 'bun';
 import { existsSync } from 'fs';
+import { getUpstreamAuthHeader } from './upstream-auth';
 const COPILOT_API_PORT = 4141;
 const PROXY_PORT = 4142;
@@ -30,7 +31,9 @@ async function waitForPort(port: number, timeoutMs = 30000): Promise<boolean> {
     const start = Date.now();
     while (Date.now() - start < timeoutMs) {
         try {
-            const resp = await fetch(`http://localhost:${port}/v1/models`);
+            const resp = await fetch(`http://localhost:${port}/v1/models`, {
+                headers: { 'Authorization': getUpstreamAuthHeader() },
+            });
             if (resp.ok) return true;
         } catch {}
         await sleep(500);

package/upstream-auth.ts ADDED Viewed

@@ -0,0 +1,82 @@
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
+import { homedir } from 'os';
+import { join } from 'path';
+import { randomBytes } from 'crypto';
+const DEFAULT_DATA_DIR = join(homedir(), '.local', 'share', 'copilot-api');
+interface CopilotApiConfig {
+    auth?: { apiKeys?: string[] };
+    [key: string]: unknown;
+}
+let cachedKey: string | null = null;
+function getConfigPath(): string {
+    const dataDir = process.env.COPILOT_API_HOME || DEFAULT_DATA_DIR;
+    return join(dataDir, 'config.json');
+}
+function loadUpstreamConfig(): CopilotApiConfig {
+    const configPath = getConfigPath();
+    try {
+        if (existsSync(configPath)) {
+            return JSON.parse(readFileSync(configPath, 'utf-8'));
+        }
+    } catch {}
+    return {};
+}
+function saveUpstreamConfig(config: CopilotApiConfig): void {
+    const configPath = getConfigPath();
+    const dir = join(configPath, '..');
+    if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+    writeFileSync(configPath, JSON.stringify(config, null, 2), 'utf-8');
+    cachedKey = null;
+}
+export function getUpstreamApiKeys(): string[] {
+    const config = loadUpstreamConfig();
+    return Array.isArray(config.auth?.apiKeys) ? config.auth!.apiKeys! : [];
+}
+export function getUpstreamApiKey(): string {
+    if (cachedKey) return cachedKey;
+    const keys = getUpstreamApiKeys();
+    if (keys.length > 0) {
+        cachedKey = keys[0];
+        return cachedKey;
+    }
+    cachedKey = 'dummy';
+    return cachedKey;
+}
+export function getUpstreamAuthHeader(): string {
+    return `Bearer ${getUpstreamApiKey()}`;
+}
+export function createUpstreamApiKey(): string {
+    const config = loadUpstreamConfig();
+    if (!config.auth) config.auth = {};
+    if (!Array.isArray(config.auth.apiKeys)) config.auth.apiKeys = [];
+    const newKey = 'sk-copilot-' + randomBytes(16).toString('base64url');
+    config.auth.apiKeys.push(newKey);
+    saveUpstreamConfig(config);
+    return newKey;
+}
+export function deleteUpstreamApiKey(key: string): boolean {
+    const config = loadUpstreamConfig();
+    const keys = config.auth?.apiKeys;
+    if (!Array.isArray(keys)) return false;
+    const idx = keys.indexOf(key);
+    if (idx === -1) return false;
+    keys.splice(idx, 1);
+    saveUpstreamConfig(config);
+    return true;
+}