npm - github-router - Versions diffs - 0.3.16 → 0.3.17 - Mend

github-router 0.3.16 → 0.3.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/main.js CHANGED Viewed

@@ -16,6 +16,7 @@ import { Hono } from "hono";
 import { cors } from "hono/cors";
 import { streamSSE } from "hono/streaming";
 import { events } from "fetch-event-stream";
+import { z } from "zod";
 import clipboard from "clipboardy";
 //#region src/lib/paths.ts
@@ -31,10 +32,14 @@ const PATHS = {
 	},
 	get ERROR_LOG_PATH() {
 		return path.join(appDir(), "error.log");
+	},
+	get CODEX_HOME() {
+		return path.join(appDir(), "codex-isolated");
 	}
 };
 async function ensurePaths() {
 	await fs.mkdir(PATHS.APP_DIR, { recursive: true });
+	await fs.mkdir(PATHS.CODEX_HOME, { recursive: true });
 	await ensureFile(PATHS.GITHUB_TOKEN_PATH);
 }
 async function ensureFile(filePath) {
@@ -68,7 +73,7 @@ const DEFAULT_COPILOT_VERSION = "0.43.2026033101";
 function copilotVersion(state$1) {
 	return state$1.copilotVersion ?? DEFAULT_COPILOT_VERSION;
 }
-const API_VERSION = "2025-10-01";
+const API_VERSION = "2026-01-09";
 const copilotBaseUrl = (state$1) => state$1.copilotApiUrl ?? "https://api.githubcopilot.com";
 const copilotHeaders = (state$1, vision = false, integrationId = "vscode-chat") => {
 	const version = copilotVersion(state$1);
@@ -123,6 +128,17 @@ async function forwardError(c, error) {
 		} catch {
 			errorJson = void 0;
 		}
+		if (isContextOverflow(error.response.status, errorJson, errorText)) {
+			const upstream = resolveErrorMessage(errorJson, errorText);
+			consola.error("HTTP error (mapped to overflow):", errorJson ?? errorText);
+			return c.json({
+				type: "error",
+				error: {
+					type: "invalid_request_error",
+					message: `prompt is too long: ${upstream}`
+				}
+			}, 400);
+		}
 		if (isAnthropicError(errorJson)) {
 			consola.error("HTTP error:", errorJson);
 			return c.json(errorJson, error.response.status);
@@ -167,6 +183,29 @@ function isAnthropicError(json) {
 	const inner = record.error;
 	return typeof inner.type === "string" && typeof inner.message === "string";
 }
+const CONTEXT_OVERFLOW_SUBSTRINGS = [
+	"prompt is too long",
+	"context_length_exceeded",
+	"context length exceeded",
+	"input is too long",
+	"maximum context length",
+	"too many tokens"
+];
+/**
+* Detect upstream context-overflow errors so we can remap them to a 400
+* "prompt is too long" shape that triggers Claude Code self-compaction.
+*
+* Always remaps 413 (treated as a hard payload-size signal regardless of
+* body wording). Remaps 400 only when the error text contains one of the
+* known overflow substrings — a regular 400 (e.g. "model not found") must
+* NOT remap.
+*/
+function isContextOverflow(status, errorJson, errorText) {
+	if (status === 413) return true;
+	if (status !== 400) return false;
+	const haystack = (errorText + " " + (typeof errorJson === "object" && errorJson !== null ? JSON.stringify(errorJson) : "")).toLowerCase();
+	return CONTEXT_OVERFLOW_SUBSTRINGS.some((s) => haystack.includes(s));
+}
 /**
 * Map HTTP status to Anthropic error type.
 */
@@ -182,11 +221,35 @@ function resolveErrorType(status) {
 //#endregion
 //#region src/services/github/get-copilot-token.ts
+/**
+* Allowlist of hosts the router will trust as the Copilot API base URL.
+* Anything else returned in `endpoints.api` (e.g. via a tampered or
+* misconfigured token-exchange response) is rejected — otherwise a
+* malicious value would receive the long-lived GitHub PAT we send to
+* `/mcp` for web search (see `src/services/copilot/web-search.ts`).
+*/
+const COPILOT_HOST_ALLOWLIST = [
+	"api.githubcopilot.com",
+	"api.individual.githubcopilot.com",
+	"api.business.githubcopilot.com",
+	"api.enterprise.githubcopilot.com"
+];
+function isAllowedCopilotHost(rawUrl) {
+	let parsed;
+	try {
+		parsed = new URL(rawUrl);
+	} catch {
+		return false;
+	}
+	if (parsed.protocol !== "https:") return false;
+	return COPILOT_HOST_ALLOWLIST.includes(parsed.hostname);
+}
 const getCopilotToken = async () => {
 	const response = await fetch(`${GITHUB_API_BASE_URL}/copilot_internal/v2/token`, { headers: githubHeaders(state) });
 	if (!response.ok) throw new HTTPError("Failed to get Copilot token", response);
 	const data = await response.json();
-	if (data.endpoints?.api) state.copilotApiUrl = data.endpoints.api;
+	if (data.endpoints?.api) if (isAllowedCopilotHost(data.endpoints.api)) state.copilotApiUrl = data.endpoints.api;
+	else consola.warn(`Refusing to honor Copilot API endpoint "${data.endpoints.api}" from the token-exchange response — not in allowlist (${COPILOT_HOST_ALLOWLIST.join(", ")}). ` + (state.copilotApiUrl ? `Keeping existing override "${state.copilotApiUrl}".` : `Falling back to the default api.githubcopilot.com.`));
 	return data;
 };
@@ -297,12 +360,14 @@ const VSCODE_BETA_PREFIXES = [
 * Enabled via --extended-betas flag. Includes all betas confirmed
 * to work with the Copilot API.
 *
-* Notably absent: output-128k- (Copilot returns 400).
+* Notably absent (Copilot 400s on these — verified live):
+*   context-1m-, skills-, files-api-, code-execution-, output-128k-.
+* 1M context is unlocked by selecting `claude-opus-4.7-1m-internal`
+* as the model id, not via a beta header.
 */
 const EXTENDED_BETA_PREFIXES = [
 	...VSCODE_BETA_PREFIXES,
 	"claude-code-",
-	"context-1m-",
 	"effort-",
 	"prompt-caching-",
 	"computer-use-",
@@ -312,10 +377,8 @@ const EXTENDED_BETA_PREFIXES = [
 	"compact-",
 	"structured-outputs-",
 	"fast-mode-",
-	"skills-",
 	"mcp-client-",
 	"mcp-servers-",
-	"files-api-",
 	"redact-thinking-",
 	"web-search-"
 ];
@@ -355,7 +418,10 @@ function resolveModel(modelId) {
 	const ciMatch = models.find((m) => m.id.toLowerCase() === lower);
 	if (ciMatch) return ciMatch.id;
 	if (lower.includes("opus")) {
-		const oneM = models.find((m) => m.id.includes("opus") && m.id.endsWith("-1m"));
+		const oneMs = models.filter((m) => m.id.includes("opus") && /-1m(?:$|-)/.test(m.id));
+		const versionMatch = lower.match(/opus-(\d+)[.-](\d+)/);
+		const requestedVersion = versionMatch ? `${versionMatch[1]}.${versionMatch[2]}` : void 0;
+		const oneM = (requestedVersion ? oneMs.find((m) => m.id.includes(`opus-${requestedVersion}-`)) : void 0) ?? oneMs[0];
 		if (oneM) return oneM.id;
 	}
 	if (lower.includes("codex")) {
@@ -380,13 +446,19 @@ function resolveCodexModel(modelId) {
 	const models = state.models?.data;
 	if (!models) return resolved;
 	if (models.some((m) => m.id === resolved)) return resolved;
-	const codexModels = models.filter((m) => {
+	const candidates = models.filter((m) => {
 		const endpoints = m.supported_endpoints ?? [];
-		return m.id.includes("codex") && !m.id.includes("mini") && (endpoints.length === 0 || endpoints.includes("/responses"));
+		if (m.id.includes("mini") || m.id.includes("nano")) return false;
+		return endpoints.length === 0 || endpoints.includes("/responses");
 	});
-	if (codexModels.length > 0) {
-		codexModels.sort((a, b) => b.id.localeCompare(a.id));
-		const best = codexModels[0].id;
+	if (candidates.length > 0) {
+		candidates.sort((a, b) => {
+			const aCodex = a.id.includes("codex") ? 1 : 0;
+			const bCodex = b.id.includes("codex") ? 1 : 0;
+			if (aCodex !== bCodex) return bCodex - aCodex;
+			return b.id.localeCompare(a.id);
+		});
+		const best = candidates[0].id;
 		consola.warn(`Model "${modelId}" not available, using "${best}" instead`);
 		return best;
 	}
@@ -671,7 +743,38 @@ function enableFileLogging() {
 //#endregion
 //#region src/lib/port.ts
 const DEFAULT_PORT = 8787;
-const DEFAULT_CODEX_MODEL = "gpt-5.3-codex";
+/**
+* Default model for `github-router claude`. The Anthropic-published dashed
+* slug (`claude-opus-4-7`) — NOT the Copilot-internal slug
+* (`claude-opus-4.7-1m-internal`) — because Claude Code 2.1.126's `/model`
+* UI is backed by a hardcoded registry of Anthropic slugs, and an
+* unrecognized slug causes the menu to highlight "Opus 4" with a
+* "Newer version available" hint instead of "Opus 4.7 (1M context)".
+*
+* The proxy's `resolveModel` (`src/lib/utils.ts`) translates this to
+* Copilot's `claude-opus-4.7-1m-internal` (enterprise) or
+* `claude-opus-4.7` (Pro+/Business/Max) at request time via the
+* family-preference + version-match branch — round-trip covered by
+* `tests/lib-utils.test.ts:154`.
+*
+* `DEFAULT_CLAUDE_MODEL_FALLBACKS` covers major.minor regressions only;
+* 1M↔200K downgrade is handled inside the resolver, so we don't need
+* separate `-1m` entries here.
+*/
+const DEFAULT_CLAUDE_MODEL = "claude-opus-4-7";
+const DEFAULT_CLAUDE_MODEL_FALLBACKS = ["claude-opus-4-6", "claude-opus-4-5"];
+/**
+* Default model for `github-router codex`. `gpt-5.5` is the new flagship
+* `/responses` model; the fallback chain handles older Copilot tiers where
+* 5.5 hasn't rolled out yet. `resolveCodexModel` provides a final
+* "best available `/responses` model" safety net beyond this list.
+*/
+const DEFAULT_CODEX_MODEL = "gpt-5.5";
+const DEFAULT_CODEX_MODEL_FALLBACKS = [
+	"gpt-5.4",
+	"gpt-5.3-codex",
+	"gpt-5.2-codex"
+];
 const PORT_RANGE_MIN = 11e3;
 const PORT_RANGE_MAX = 65535;
 /** Generate a random port number in the range [11000, 65535]. */
@@ -681,6 +784,49 @@ function generateRandomPort() {
 //#endregion
 //#region src/lib/launch.ts
+/**
+* Auth-related env keys we strip from the parent before spawning the
+* child CLI. The proxy provides its own values for everything we care
+* about (ANTHROPIC_BASE_URL, ANTHROPIC_AUTH_TOKEN, OPENAI_BASE_URL,
+* OPENAI_API_KEY, CODEX_HOME, ANTHROPIC_MODEL); for the rest, we want
+* the child to behave as if the user had no parent-env auth at all.
+*
+* Why strip rather than override-with-empty-string:
+*   - Claude Code emits "Auth conflict" warnings whenever both
+*     ANTHROPIC_AUTH_TOKEN and ANTHROPIC_API_KEY are present (regardless
+*     of value, even when both are "dummy"). Stripping API_KEY entirely
+*     suppresses the warning AND prevents an inherited real shell key
+*     from leaking via x-api-key.
+*   - Cloud-provider toggles (CLAUDE_CODE_USE_*) and OAUTH_TOKEN, etc.
+*     are simpler dropped than overridden — a missing env var is
+*     unambiguously falsy/absent in every code path that reads it.
+*/
+const STRIPPED_PARENT_ENV_KEYS = [
+	"ANTHROPIC_API_KEY",
+	"ANTHROPIC_AUTH_TOKEN",
+	"ANTHROPIC_BASE_URL",
+	"ANTHROPIC_CUSTOM_HEADERS",
+	"ANTHROPIC_MODEL",
+	"CLAUDE_CODE_OAUTH_TOKEN",
+	"CLAUDE_CODE_USE_BEDROCK",
+	"CLAUDE_CODE_USE_VERTEX",
+	"CLAUDE_CODE_USE_FOUNDRY",
+	"CLAUDE_CONFIG_DIR",
+	"OPENAI_API_KEY",
+	"OPENAI_BASE_URL",
+	"CODEX_HOME"
+];
+/**
+* Strip auth-related keys from a parent-process env object. The result
+* is suitable to spread into a spawned child's env BEFORE the proxy's
+* explicit overrides, so the proxy is the only source of truth for
+* auth — and stale shell exports can't leak through.
+*/
+function sanitizeParentEnv(parent) {
+	const sanitized = { ...parent };
+	for (const key of STRIPPED_PARENT_ENV_KEYS) delete sanitized[key];
+	return sanitized;
+}
 function commandExists(name) {
 	try {
 		execFileSync(process$1.platform === "win32" ? "where.exe" : "which", [name], { stdio: "ignore" });
@@ -703,7 +849,7 @@ function buildLaunchCommand(target) {
 			...target.extraArgs
 		],
 		env: {
-			...process$1.env,
+			...sanitizeParentEnv(process$1.env),
 			...target.envVars
 		}
 	};
@@ -1185,6 +1331,31 @@ const createChatCompletions = async (payload, modelHeaders) => {
 //#endregion
 //#region src/services/copilot/web-search.ts
+const RpcSchema = z.object({
+	jsonrpc: z.literal("2.0"),
+	id: z.number().optional(),
+	result: z.object({
+		content: z.array(z.object({
+			type: z.literal("text"),
+			text: z.string()
+		})).optional(),
+		isError: z.boolean().optional()
+	}).optional(),
+	error: z.object({
+		code: z.number(),
+		message: z.string()
+	}).optional()
+});
+const InnerSchema = z.object({
+	text: z.object({
+		value: z.string(),
+		annotations: z.array(z.object({ url_citation: z.object({
+			title: z.string(),
+			url: z.string()
+		}).optional() })).optional()
+	}),
+	bing_searches: z.array(z.unknown()).optional()
+});
 const MAX_SEARCHES_PER_SECOND = 3;
 let searchTimestamps = [];
 async function throttleSearch() {
@@ -1199,55 +1370,129 @@ async function throttleSearch() {
 	}
 	searchTimestamps.push(Date.now());
 }
-function threadsHeaders() {
-	return copilotHeaders(state, false, "copilot-chat");
-}
-async function createThread() {
-	const response = await fetch(`${copilotBaseUrl(state)}/github/chat/threads`, {
-		method: "POST",
-		headers: threadsHeaders(),
-		body: JSON.stringify({})
-	});
-	if (!response.ok) {
-		consola.error("Failed to create chat thread", response.status);
-		throw new Error(`Failed to create chat thread: ${response.status}`);
-	}
-	return (await response.json()).thread_id;
+function mcpHeaders(sid) {
+	if (!state.githubToken) throw new Error("GitHub token missing — re-run auth flow. Web search uses the GitHub PAT (not the Copilot token); the on-disk token at ~/.local/share/github-router/github_token must be present.");
+	const headers = {
+		Authorization: `Bearer ${state.githubToken}`,
+		"content-type": "application/json",
+		accept: "application/json, text/event-stream",
+		"X-MCP-Host": "copilot-cli",
+		"X-MCP-Toolsets": "web_search",
+		"Mcp-Protocol-Version": "2025-06-18",
+		"user-agent": `GitHubCopilotChat/${copilotVersion(state)}`
+	};
+	if (sid) headers["Mcp-Session-Id"] = sid;
+	return headers;
 }
-async function sendThreadMessage(threadId, query) {
-	const response = await fetch(`${copilotBaseUrl(state)}/github/chat/threads/${threadId}/messages`, {
+async function postMcp(body, sid, retry = true) {
+	const url = `${copilotBaseUrl(state)}/mcp`;
+	const res = await fetch(url, {
 		method: "POST",
-		headers: threadsHeaders(),
-		body: JSON.stringify({
-			content: query,
-			intent: "conversation",
-			skills: ["web-search"],
-			references: []
-		})
+		headers: mcpHeaders(sid),
+		body: JSON.stringify(body)
 	});
-	if (!response.ok) {
-		consola.error("Failed to send thread message", response.status);
-		throw new Error(`Failed to send thread message: ${response.status}`);
+	if (!res.ok && retry && res.status >= 500) {
+		await sleep(500);
+		return postMcp(body, sid, false);
 	}
-	return await response.json();
+	return res;
 }
 async function searchWeb(query) {
-	if (!state.copilotToken) throw new Error("Copilot token not found");
 	await throttleSearch();
-	consola.info(`Web search: "${query.slice(0, 80)}"`);
-	const response = await sendThreadMessage(await createThread(), query);
-	const references = [];
-	for (const ref of response.message.references ?? []) if (ref.results) {
-		for (const result of ref.results) if (result.url && result.reference_type !== "bing_search") references.push({
-			title: result.title,
-			url: result.url
+	consola.info(`Web search (MCP): "${query.slice(0, 80)}"`);
+	const callId = Math.floor(Math.random() * 1e9);
+	let sid;
+	try {
+		const initRes = await postMcp({
+			jsonrpc: "2.0",
+			id: 1,
+			method: "initialize",
+			params: {
+				protocolVersion: "2024-11-05",
+				capabilities: {},
+				clientInfo: {
+					name: "GitHubCopilotChat",
+					version: copilotVersion(state)
+				}
+			}
 		});
+		if (!initRes.ok) {
+			consola.error("MCP initialize failed", initRes.status);
+			throw new HTTPError("MCP initialize failed", initRes);
+		}
+		sid = initRes.headers.get("mcp-session-id") ?? void 0;
+		if (!sid) throw new HTTPError("MCP initialize: missing Mcp-Session-Id header", initRes);
+		const notifRes = await postMcp({
+			jsonrpc: "2.0",
+			method: "notifications/initialized"
+		}, sid);
+		if (!notifRes.ok && notifRes.status !== 202) {
+			consola.error("MCP notifications/initialized failed", notifRes.status);
+			throw new HTTPError("MCP notifications/initialized failed", notifRes);
+		}
+		const callRes = await postMcp({
+			jsonrpc: "2.0",
+			id: callId,
+			method: "tools/call",
+			params: {
+				name: "web_search",
+				arguments: { query }
+			}
+		}, sid);
+		if (!callRes.ok) {
+			consola.error("MCP tools/call failed", callRes.status);
+			throw new HTTPError("MCP tools/call failed", callRes);
+		}
+		let rpc;
+		for await (const ev of events(callRes)) {
+			if (!ev.data) continue;
+			let parsedJson;
+			try {
+				parsedJson = JSON.parse(ev.data);
+			} catch {
+				continue;
+			}
+			const parsed = RpcSchema.safeParse(parsedJson);
+			if (parsed.success && parsed.data.id === callId) {
+				rpc = parsed.data;
+				break;
+			}
+		}
+		if (!rpc) throw new HTTPError("MCP tools/call: no matching response id in SSE stream", callRes);
+		if (rpc.error) throw new HTTPError(`MCP error ${rpc.error.code}: ${rpc.error.message}`, callRes);
+		if (rpc.result?.isError) throw new HTTPError("MCP web_search tool error", callRes);
+		const text = rpc.result?.content?.[0]?.text;
+		if (!text) throw new HTTPError("MCP web_search: empty content", callRes);
+		let innerRaw;
+		try {
+			innerRaw = JSON.parse(text);
+		} catch (err) {
+			throw new HTTPError(`MCP web_search: inner content not JSON: ${err instanceof Error ? err.message : String(err)}`, callRes);
+		}
+		const innerParsed = InnerSchema.safeParse(innerRaw);
+		if (!innerParsed.success) throw new HTTPError(`MCP web_search: inner content shape changed (${innerParsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join("; ")})`, callRes);
+		const inner = innerParsed.data;
+		const references = [];
+		for (const ann of inner.text.annotations ?? []) {
+			const cite = ann.url_citation;
+			if (cite && !cite.url.toLowerCase().includes("bing.com/search")) references.push({
+				title: cite.title,
+				url: cite.url
+			});
+		}
+		consola.debug(`Web search returned ${references.length} references`);
+		return {
+			content: inner.text.value,
+			references
+		};
+	} finally {
+		if (sid) try {
+			fetch(`${copilotBaseUrl(state)}/mcp`, {
+				method: "DELETE",
+				headers: mcpHeaders(sid)
+			}).catch(() => {});
+		} catch {}
 	}
-	consola.debug(`Web search returned ${references.length} references`);
-	return {
-		content: response.message.content,
-		references
-	};
 }
 //#endregion
@@ -1414,7 +1659,7 @@ embeddingRoutes.post("/", async (c) => {
 * (anthropic-beta) so Copilot enables extended features.
 */
 function buildHeaders(extraHeaders) {
-	const headers = {
+	return {
 		...copilotHeaders(state),
 		accept: "application/json",
 		"openai-intent": "messages-proxy",
@@ -1424,8 +1669,6 @@ function buildHeaders(extraHeaders) {
 		"X-Interaction-Id": randomUUID(),
 		...extraHeaders
 	};
-	delete headers["copilot-integration-id"];
-	return headers;
 }
 /**
 * Forward an Anthropic Messages API request to Copilot's native /v1/messages endpoint.
@@ -1702,9 +1945,8 @@ async function handleCompletion(c) {
 	if (debugEnabled) consola.debug("Anthropic request body:", rawBody.slice(0, 2e3));
 	if (state.manualApprove) await awaitApproval();
 	const betaHeaders = extractBetaHeaders(c);
-	const { body: resolvedBody, originalModel, resolvedModel } = resolveModelInBody(await processWebSearch(rawBody));
+	const { body: resolvedBody, originalModel, resolvedModel, selectedModel } = resolveModelInBody(await processWebSearch(rawBody));
 	const modelId = resolvedModel ?? originalModel;
-	const selectedModel = state.models?.data.find((m) => m.id === modelId);
 	if (modelId) logEndpointMismatch(modelId, "/v1/messages");
 	const effectiveBetas = applyDefaultBetas(betaHeaders, resolvedModel ?? originalModel);
 	let response;
@@ -1770,8 +2012,9 @@ async function handleCompletion(c) {
 }
 /**
 * Parse the JSON body, resolve the model name, sanitize cache_control
-* fields, and re-serialize. Returns the body string plus the original
-* and resolved model names.
+* fields, translate thinking-mode shape for adaptive-thinking models,
+* and re-serialize. Returns the body string, original/resolved model
+* names, and the matching model metadata (if any).
 *
 * Re-serialization is skipped when no modifications are needed.
 */
@@ -1791,14 +2034,85 @@ function resolveModelInBody(rawBody) {
 			modified = true;
 		}
 	}
-	if (rawBody.includes("\"scope\"") && sanitizeCacheControl(parsed)) modified = true;
 	const resolvedModel = typeof parsed.model === "string" ? parsed.model : originalModel;
+	const selectedModel = resolvedModel ? state.models?.data.find((m) => m.id === resolvedModel) : void 0;
+	if (translateThinking(parsed, selectedModel)) modified = true;
+	if (rawBody.includes("\"scope\"") && sanitizeCacheControl(parsed)) modified = true;
 	return {
 		body: modified ? JSON.stringify(parsed) : rawBody,
 		originalModel,
-		resolvedModel
+		resolvedModel,
+		selectedModel
 	};
 }
+const EFFORT_ORDER = [
+	"low",
+	"medium",
+	"high",
+	"xhigh"
+];
+/**
+* Bucket a thinking budget into a Copilot reasoning-effort string.
+* `<2000`→low, `<8000`→medium, `<24000`→high, else→xhigh.
+* Defaults missing/non-numeric budgets to 8000 ("high").
+*/
+function bucketEffort(budget) {
+	const n = typeof budget === "number" && Number.isFinite(budget) ? budget : 8e3;
+	if (n < 2e3) return "low";
+	if (n < 8e3) return "medium";
+	if (n < 24e3) return "high";
+	return "xhigh";
+}
+/**
+* Clamp a bucketed effort to the closest value in `supported`. Ties
+* resolve to the lower-tier option (per EFFORT_ORDER).
+*
+* Iterates EFFORT_ORDER (canonical low→xhigh) so the first match on a
+* given distance is always the lower-tier value, regardless of input
+* order in `supported`.
+*/
+function clampEffort(bucketed, supported) {
+	if (supported.includes(bucketed)) return bucketed;
+	const targetIdx = EFFORT_ORDER.indexOf(bucketed);
+	let best;
+	let bestDist = Infinity;
+	for (let i = 0; i < EFFORT_ORDER.length; i++) {
+		const value = EFFORT_ORDER[i];
+		if (!supported.includes(value)) continue;
+		const dist = Math.abs(i - targetIdx);
+		if (dist < bestDist) {
+			bestDist = dist;
+			best = value;
+		}
+	}
+	return best ?? bucketed;
+}
+/**
+* Translate Anthropic-shape `thinking:{type:"enabled", budget_tokens}` to
+* Copilot-shape `thinking:{type:"adaptive"}` + `output_config.effort`
+* when the resolved model declares `adaptive_thinking: true`.
+*
+* Returns true if the body was modified. No-op when the model doesn't
+* support adaptive thinking, when thinking is missing/disabled/already
+* adaptive, or when `body` isn't a plain object. Client-supplied
+* `output_config.effort` always wins over the bucketed value.
+*/
+function translateThinking(body, model) {
+	if (!model?.capabilities?.supports?.adaptive_thinking) return false;
+	const thinking = body.thinking;
+	if (!thinking || typeof thinking !== "object") return false;
+	if (thinking.type !== "enabled") return false;
+	const bucketed = bucketEffort(thinking.budget_tokens);
+	const supported = model.capabilities.supports.reasoning_effort;
+	const effort = Array.isArray(supported) && supported.length > 0 ? clampEffort(bucketed, supported) : bucketed;
+	body.thinking = { type: "adaptive" };
+	const existing = body.output_config && typeof body.output_config === "object" ? body.output_config : {};
+	body.output_config = {
+		...existing,
+		effort: existing.effort ?? effort
+	};
+	return true;
+}
 /**
 * Strip the `scope` field from all `cache_control` objects in the body.
 * Claude CLI 2.1.88+ sends {"type":"ephemeral","scope":"global"} which
@@ -1864,21 +2178,18 @@ const modelRoutes = new Hono();
 modelRoutes.get("/", async (c) => {
 	try {
 		if (!state.models) await cacheModels();
-		const models = state.models?.data.map((model) => ({
-			id: model.id,
-			object: "model",
-			type: model.capabilities?.type ?? "model",
-			created: 0,
-			created_at: (/* @__PURE__ */ new Date(0)).toISOString(),
-			owned_by: model.vendor,
-			display_name: model.name,
-			capabilities: model.capabilities,
-			supported_endpoints: model.supported_endpoints,
-			preview: model.preview,
-			version: model.version,
-			model_picker_enabled: model.model_picker_enabled,
-			policy: model.policy
-		}));
+		const models = state.models?.data.map((model) => {
+			const { requestHeaders,...rest } = model;
+			return {
+				...rest,
+				object: "model",
+				type: model.capabilities?.type ?? "model",
+				created: 0,
+				created_at: (/* @__PURE__ */ new Date(0)).toISOString(),
+				owned_by: model.vendor,
+				display_name: model.name
+			};
+		});
 		return c.json({
 			object: "list",
 			data: models,
@@ -1900,11 +2211,10 @@ const createResponses = async (payload, modelHeaders) => {
 		...modelHeaders,
 		"X-Initiator": isAgentCall ? "agent" : "user"
 	};
-	const filteredPayload = filterUnsupportedTools(payload);
 	const response = await fetch(`${copilotBaseUrl(state)}/responses`, {
 		method: "POST",
 		headers,
-		body: JSON.stringify(filteredPayload)
+		body: JSON.stringify(payload)
 	});
 	if (!response.ok) {
 		consola.error("Failed to create responses", response);
@@ -1930,31 +2240,6 @@ function detectAgentCall(input) {
 		return false;
 	});
 }
-function filterUnsupportedTools(payload) {
-	if (!payload.tools || !Array.isArray(payload.tools)) return payload;
-	const supported = payload.tools.filter((tool) => {
-		const isSupported = tool.type === "function";
-		if (!isSupported) consola.debug(`Stripping unsupported tool type: ${tool.type}`);
-		return isSupported;
-	});
-	let toolChoice = payload.tool_choice;
-	if (supported.length === 0) toolChoice = void 0;
-	else if (toolChoice && typeof toolChoice === "object") {
-		const supportedNames = new Set(supported.map((tool) => tool.name).filter(Boolean));
-		const toolChoiceName = getToolChoiceName(toolChoice);
-		if (toolChoiceName && !supportedNames.has(toolChoiceName)) toolChoice = void 0;
-	}
-	return {
-		...payload,
-		tools: supported.length > 0 ? supported : void 0,
-		tool_choice: toolChoice
-	};
-}
-function getToolChoiceName(toolChoice) {
-	if (typeof toolChoice !== "object") return void 0;
-	if ("function" in toolChoice && toolChoice.function && typeof toolChoice.function === "object") return toolChoice.function.name;
-	if ("name" in toolChoice) return toolChoice.name;
-}
 //#endregion
 //#region src/routes/responses/handler.ts
@@ -2018,8 +2303,7 @@ async function injectWebSearchIfNeeded(payload) {
 		if (payload.input.some((item) => item.type === "function_call_output")) return;
 	}
 	const query = extractUserQuery(payload.input);
-	if (!query) return;
-	try {
+	if (query) try {
 		const results = await searchWeb(query);
 		const searchContext = [
 			"[Web Search Results]",
@@ -2032,6 +2316,13 @@ async function injectWebSearchIfNeeded(payload) {
 	} catch (error) {
 		consola.warn("Web search failed, continuing without results:", error);
 	}
+	payload.tools = payload.tools?.filter((t) => t.type !== "web_search");
+	if (payload.tools && payload.tools.length === 0) payload.tools = void 0;
+	if (!payload.tools) payload.tool_choice = void 0;
+	else if (payload.tool_choice && typeof payload.tool_choice === "object") {
+		const choice = payload.tool_choice;
+		if ((choice.function?.name ?? choice.name) === "web_search") payload.tool_choice = void 0;
+	}
 }
 function extractUserQuery(input) {
 	if (typeof input === "string") return input;
@@ -2217,6 +2508,7 @@ server.route("/v1/models", modelRoutes);
 server.route("/v1/embeddings", embeddingRoutes);
 server.route("/v1/search", searchRoutes);
 server.route("/v1/messages", messageRoutes);
+server.post("/api/event_logging/batch", (c) => c.body(null, 200));
 server.notFound((c) => c.json({
 	type: "error",
 	error: {
@@ -2382,22 +2674,72 @@ function parseSharedArgs(args) {
 		extendedBetas: args["extended-betas"]
 	};
 }
-/** Build environment variables for Claude Code. */
+/**
+* Build environment variables for Claude Code.
+*
+* The parent env is sanitized of every key in `STRIPPED_PARENT_ENV_KEYS`
+* (see `src/lib/launch.ts`) BEFORE these overrides are merged in, so we
+* only need to provide the positive values.
+*
+* Auth precedence in Claude Code (https://code.claude.com/docs/en/iam):
+*   1. Cloud provider (CLAUDE_CODE_USE_BEDROCK / VERTEX / FOUNDRY) — stripped at parent.
+*   2. ANTHROPIC_AUTH_TOKEN — set here to "dummy"; wins over #4–#6.
+*   3. ANTHROPIC_API_KEY — stripped at parent, intentionally NOT re-set
+*      (Claude Code emits an Auth conflict warning when both AUTH_TOKEN
+*      and API_KEY are present, even with dummy values).
+*   4. apiKeyHelper in settings.json — beaten by #2.
+*   5. CLAUDE_CODE_OAUTH_TOKEN — stripped at parent.
+*   6. Subscription OAuth (Keychain / ~/.claude/.credentials.json) —
+*      INVISIBLE to the spawned child via the CLAUDE_CONFIG_DIR trick
+*      below. The credential file is left in place so `claude /logout`
+*      still works outside the proxy.
+*
+* `CLAUDE_CONFIG_DIR` activates Claude Code's per-config-dir keychain
+* isolation. Per binary-grep of Claude Code 2.1.126's `iN()` function:
+*
+*   function iN(H = "") {
+*     let _ = B6(),  // resolved config-dir path
+*         K = !process.env.CLAUDE_CONFIG_DIR ? "" : `-${sha256(_).slice(0, 8)}`;
+*     return `Claude Code${OAUTH_FILE_SUFFIX}${H}${K}`
+*   }
+*
+* The conditional is on PRESENCE, not value. When CLAUDE_CONFIG_DIR is
+* unset (the user's normal `claude` usage), the keychain service name is
+* "Claude Code" and their `/login` credential is found there. When set
+* (the proxy session), the service name becomes "Claude Code-<hash>" —
+* the user's credential is invisible, `iCH()` returns null, and all
+* three auth-conflict warnings fire `false`. The path resolves to the
+* default config-dir, so settings.json/skills/MCP/plugins/hooks/CLAUDE.md
+* still load from `~/.claude` as normal.
+*/
 function getClaudeCodeEnvVars(serverUrl, model) {
 	const vars = {
 		ANTHROPIC_BASE_URL: serverUrl,
 		ANTHROPIC_AUTH_TOKEN: "dummy",
+		CLAUDE_CONFIG_DIR: path.join(os.homedir(), ".claude"),
 		DISABLE_NON_ESSENTIAL_MODEL_CALLS: "1",
 		CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC: "1"
 	};
 	if (model) vars.ANTHROPIC_MODEL = model;
 	return vars;
 }
-/** Build environment variables for Codex CLI. */
+/**
+* Build environment variables for Codex CLI.
+*
+* Like `getClaudeCodeEnvVars`, the parent env is sanitized of
+* `OPENAI_API_KEY` / `OPENAI_BASE_URL` / `CODEX_HOME` (see
+* `STRIPPED_PARENT_ENV_KEYS` in `src/lib/launch.ts`) before these
+* overrides are merged, so a stale shell `OPENAI_API_KEY` can't leak
+* through. Codex caches a ChatGPT subscription login under
+* `$CODEX_HOME/auth.json` which can override `OPENAI_API_KEY` per
+* openai/codex#2733; pointing `CODEX_HOME` at an isolated directory
+* masks any cached login.
+*/
 function getCodexEnvVars(serverUrl) {
 	return {
 		OPENAI_BASE_URL: `${serverUrl}/v1`,
-		OPENAI_API_KEY: "dummy"
+		OPENAI_API_KEY: "dummy",
+		CODEX_HOME: PATHS.CODEX_HOME
 	};
 }
@@ -2437,21 +2779,32 @@ const claude = defineCommand({
 			process$1.exit(1);
 		}
 		enableFileLogging();
-		let resolvedModel;
-		if (args.model) {
-			resolvedModel = resolveModel(args.model);
-			if (resolvedModel !== args.model) consola.info(`Model "${args.model}" resolved to "${resolvedModel}"`);
-			if (!state.models?.data.find((m) => m.id === resolvedModel)) {
-				const available = listModelsForEndpoint("/v1/messages");
-				consola.warn(`Model "${resolvedModel}" not found. Available claude models: ${available.join(", ")}`);
+		const usingDefault = !args.model;
+		let chosenSlug = args.model ?? DEFAULT_CLAUDE_MODEL;
+		let resolvedSlug = resolveModel(chosenSlug);
+		if (usingDefault && state.models) {
+			const inCache = (slug) => state.models?.data.some((m) => m.id === resolveModel(slug)) ?? false;
+			if (!inCache(chosenSlug)) {
+				for (const fallback of DEFAULT_CLAUDE_MODEL_FALLBACKS) if (inCache(fallback)) {
+					consola.info(`Default model "${chosenSlug}" not in your Copilot model list; falling back to "${fallback}".`);
+					chosenSlug = fallback;
+					resolvedSlug = resolveModel(fallback);
+					break;
+				}
 			}
 		}
-		process$1.stderr.write(`Server ready on ${serverUrl}, launching Claude Code...\n`);
+		if (resolvedSlug !== chosenSlug) consola.info(`Model "${chosenSlug}" resolved to "${resolvedSlug}"`);
+		if (!state.models?.data.find((m) => m.id === resolvedSlug)) {
+			const available = listModelsForEndpoint("/v1/messages");
+			consola.warn(`Model "${resolvedSlug}" not found. Available claude models: ${available.join(", ")}`);
+		}
+		const banner = chosenSlug === resolvedSlug ? chosenSlug : `${chosenSlug} → ${resolvedSlug}`;
+		process$1.stderr.write(`Server ready on ${serverUrl}, launching Claude Code (${banner})...\n`);
 		launchChild({
 			kind: "claude-code",
-			envVars: getClaudeCodeEnvVars(serverUrl, resolvedModel ?? args.model),
+			envVars: getClaudeCodeEnvVars(serverUrl, chosenSlug),
 			extraArgs: args._ ?? [],
-			model: resolvedModel ?? args.model
+			model: chosenSlug
 		}, server$1);
 	}
 });
@@ -2491,10 +2844,22 @@ const codex = defineCommand({
 			consola.error("Failed to start server:", error instanceof Error ? error.message : error);
 			process$1.exit(1);
 		}
+		const usingDefault = !args.model;
 		const requestedModel = args.model ?? DEFAULT_CODEX_MODEL;
 		enableFileLogging();
-		const codexModel = resolveCodexModel(requestedModel);
+		let codexModel = resolveCodexModel(requestedModel);
 		if (codexModel !== requestedModel) consola.info(`Model "${requestedModel}" resolved to "${codexModel}"`);
+		if (usingDefault && state.models) {
+			const inCache = (id) => state.models?.data.some((m) => m.id === id) ?? false;
+			if (!inCache(codexModel)) for (const fallback of DEFAULT_CODEX_MODEL_FALLBACKS) {
+				const resolved = resolveCodexModel(fallback);
+				if (inCache(resolved)) {
+					consola.info(`Default model "${codexModel}" not in your Copilot model list; falling back to "${resolved}".`);
+					codexModel = resolved;
+					break;
+				}
+			}
+		}
 		const modelEntry = state.models?.data.find((m) => m.id === codexModel);
 		if (!modelEntry) {
 			const available = listModelsForEndpoint("/responses");