hedgequantx 2.6.161 → 2.6.163

package/src/services/ai/proxy-manager.js

@@ -1,9 +1,8 @@
 /**
  * CLIProxyAPI Manager
  * 
- * Automatically downloads, installs, and manages CLIProxyAPI
- * so users can connect their AI subscription accounts (ChatGPT Plus, Claude Pro, etc.)
- * without needing to understand technical details.
+ * Automatically manages CLIProxyAPI for connecting AI subscription accounts
+ * (ChatGPT Plus, Claude Pro, etc.) without needing API keys.
  * 
  * Flow:
  * 1. User selects "Connect Account" in CLI
@@ -12,54 +11,32 @@
  * 4. Callback to localhost → Token saved → Models available
  */
 
-const https = require('https');
 const http = require('http');
-const fs = require('fs');
-const path = require('path');
-const os = require('os');
 const { spawn, exec } = require('child_process');
 
-// Configuration
-const PROXY_VERSION = 'v6.6.84';
-const PROXY_PORT = 8317;
-const PROXY_DIR = path.join(os.homedir(), '.hqx', 'proxy');
-const PROXY_BIN = path.join(PROXY_DIR, process.platform === 'win32' ? 'cli-proxy-api.exe' : 'cli-proxy-api');
-const PROXY_CONFIG = path.join(PROXY_DIR, 'config.yaml');
-const PROXY_AUTH_DIR = path.join(PROXY_DIR, 'auths');
-const API_KEY = 'hqx-local-key';
-const MANAGEMENT_KEY = 'hqx-mgmt-key';
-
-// GitHub release URLs
-const getDownloadUrl = () => {
-  const platform = process.platform;
-  const arch = process.arch;
-  
-  let osName, archName, ext;
-  
-  if (platform === 'darwin') {
-    osName = 'darwin';
-    archName = arch === 'arm64' ? 'arm64' : 'amd64';
-    ext = 'tar.gz';
-  } else if (platform === 'win32') {
-    osName = 'windows';
-    archName = arch === 'arm64' ? 'arm64' : 'amd64';
-    ext = 'zip';
-  } else {
-    osName = 'linux';
-    archName = arch === 'arm64' ? 'arm64' : 'amd64';
-    ext = 'tar.gz';
-  }
-  
-  const version = PROXY_VERSION.replace('v', '');
-  return `https://github.com/router-for-me/CLIProxyAPI/releases/download/${PROXY_VERSION}/CLIProxyAPI_${version}_${osName}_${archName}.${ext}`;
-};
+// Import from sub-modules
+const {
+  PROXY_PORT,
+  PROXY_DIR,
+  PROXY_BIN,
+  PROXY_CONFIG,
+  API_KEY,
+  MANAGEMENT_KEY,
+  isInstalled,
+  install,
+  isConfigValid,
+  rewriteConfig,
+} = require('./proxy-install');
 
-/**
- * Check if CLIProxyAPI binary exists
- */
-const isInstalled = () => {
-  return fs.existsSync(PROXY_BIN);
-};
+const {
+  createRemoteSession,
+  pollRemoteSession,
+  getRemoteTokens,
+  waitForRemoteAuth,
+  isServerEnvironment,
+  canOpenBrowser,
+  REMOTE_OAUTH_URL
+} = require('./proxy-remote');
 
 /**
  * Check if CLIProxyAPI is running
@@ -88,140 +65,6 @@ const isRunning = async () => {
   });
 };
 
-/**
- * Download file from URL
- */
-const downloadFile = (url, dest) => {
-  return new Promise((resolve, reject) => {
-    const file = fs.createWriteStream(dest);
-    
-    const request = (url) => {
-      https.get(url, (res) => {
-        if (res.statusCode === 302 || res.statusCode === 301) {
-          // Follow redirect
-          request(res.headers.location);
-          return;
-        }
-        
-        if (res.statusCode !== 200) {
-          reject(new Error(`HTTP ${res.statusCode}`));
-          return;
-        }
-        
-        res.pipe(file);
-        file.on('finish', () => {
-          file.close();
-          resolve();
-        });
-      }).on('error', (err) => {
-        fs.unlink(dest, () => {});
-        reject(err);
-      });
-    };
-    
-    request(url);
-  });
-};
-
-/**
- * Extract tar.gz archive
- */
-const extractTarGz = (archive, dest) => {
-  return new Promise((resolve, reject) => {
-    exec(`tar -xzf "${archive}" -C "${dest}"`, (err) => {
-      if (err) reject(err);
-      else resolve();
-    });
-  });
-};
-
-/**
- * Extract zip archive (Windows)
- */
-const extractZip = (archive, dest) => {
-  return new Promise((resolve, reject) => {
-    exec(`powershell -command "Expand-Archive -Path '${archive}' -DestinationPath '${dest}' -Force"`, (err) => {
-      if (err) reject(err);
-      else resolve();
-    });
-  });
-};
-
-/**
- * Download and install CLIProxyAPI
- * @param {Function} onProgress - Progress callback (message)
- */
-const install = async (onProgress = () => {}) => {
-  // Create directories
-  if (!fs.existsSync(PROXY_DIR)) {
-    fs.mkdirSync(PROXY_DIR, { recursive: true });
-  }
-  if (!fs.existsSync(PROXY_AUTH_DIR)) {
-    fs.mkdirSync(PROXY_AUTH_DIR, { recursive: true });
-  }
-  
-  onProgress('Downloading CLIProxyAPI...');
-  
-  const downloadUrl = getDownloadUrl();
-  const ext = process.platform === 'win32' ? 'zip' : 'tar.gz';
-  const archivePath = path.join(PROXY_DIR, `cliproxyapi.${ext}`);
-  
-  // Download
-  await downloadFile(downloadUrl, archivePath);
-  
-  onProgress('Extracting...');
-  
-  // Extract
-  if (ext === 'zip') {
-    await extractZip(archivePath, PROXY_DIR);
-  } else {
-    await extractTarGz(archivePath, PROXY_DIR);
-  }
-  
-  // Find the binary (it might be in a subdirectory)
-  const possibleBins = [
-    path.join(PROXY_DIR, 'cli-proxy-api'),
-    path.join(PROXY_DIR, 'cli-proxy-api.exe'),
-    path.join(PROXY_DIR, 'CLIProxyAPI', 'cli-proxy-api'),
-    path.join(PROXY_DIR, 'CLIProxyAPI', 'cli-proxy-api.exe')
-  ];
-  
-  for (const bin of possibleBins) {
-    if (fs.existsSync(bin) && bin !== PROXY_BIN) {
-      fs.renameSync(bin, PROXY_BIN);
-      break;
-    }
-  }
-  
-  // Make executable (Unix)
-  if (process.platform !== 'win32') {
-    fs.chmodSync(PROXY_BIN, 0o755);
-  }
-  
-  // Create config file
-  const config = `port: ${PROXY_PORT}
-auth-dir: "${PROXY_AUTH_DIR}"
-api-keys:
-  - "${API_KEY}"
-remote-management:
-  secret-key: "${MANAGEMENT_KEY}"
-allow-remote-management: false
-request-retry: 3
-quota-exceeded:
-  switch-project: true
-  switch-preview-model: true
-`;
-  
-  fs.writeFileSync(PROXY_CONFIG, config);
-  
-  // Cleanup archive
-  fs.unlinkSync(archivePath);
-  
-  onProgress('Installation complete');
-  
-  return true;
-};
-
 /**
  * Start CLIProxyAPI in background
  */
@@ -243,7 +86,6 @@ const start = async () => {
     
     proc.unref();
     
-    // Wait for it to start
     let attempts = 0;
     const checkInterval = setInterval(async () => {
       attempts++;
@@ -271,79 +113,19 @@ const stop = async () => {
   });
 };
 
-/**
- * Check if config has correct management key (plain text, not hashed)
- * CLIProxyAPI expects plain text key in config, it does bcrypt hashing internally
- * @returns {boolean} true if config is correct, false if needs update
- */
-const isConfigValid = () => {
-  if (!fs.existsSync(PROXY_CONFIG)) return false;
-  
-  try {
-    const config = fs.readFileSync(PROXY_CONFIG, 'utf8');
-    
-    // Check if management key section exists
-    if (!config.includes('remote-management:') || !config.includes('secret-key:')) {
-      return false;
-    }
-    
-    // Check if key is hashed (bcrypt hashes start with $2a$, $2b$, or $2y$)
-    // Plain text key should be 'hqx-mgmt-key', not a bcrypt hash
-    if (config.includes('$2a$') || config.includes('$2b$') || config.includes('$2y$')) {
-      return false; // Config has hashed key, needs to be plain text
-    }
-    
-    // Check if it has our expected management key
-    if (!config.includes(MANAGEMENT_KEY)) {
-      return false;
-    }
-    
-    return true;
-  } catch (e) {
-    return false;
-  }
-};
-
-/**
- * Rewrite config file with correct settings
- */
-const rewriteConfig = () => {
-  const config = `port: ${PROXY_PORT}
-auth-dir: "${PROXY_AUTH_DIR}"
-api-keys:
-  - "${API_KEY}"
-remote-management:
-  secret-key: "${MANAGEMENT_KEY}"
-allow-remote-management: false
-request-retry: 3
-quota-exceeded:
-  switch-project: true
-  switch-preview-model: true
-`;
-  
-  // Ensure directory exists
-  if (!fs.existsSync(PROXY_DIR)) {
-    fs.mkdirSync(PROXY_DIR, { recursive: true });
-  }
-  
-  fs.writeFileSync(PROXY_CONFIG, config);
-};
-
 /**
  * Ensure CLIProxyAPI is installed and running
  * @param {Function} onProgress - Progress callback
  */
 const ensureRunning = async (onProgress = () => {}) => {
-  // Check if config needs to be fixed (e.g., has hashed key instead of plain text)
   const configValid = isConfigValid();
   
   if (await isRunning()) {
     if (!configValid) {
-      // Config is invalid but proxy is running - need to restart with correct config
       onProgress('Updating proxy configuration...');
       rewriteConfig();
       await stop();
-      await new Promise(resolve => setTimeout(resolve, 1000)); // Wait for process to fully stop
+      await new Promise(resolve => setTimeout(resolve, 1000));
       onProgress('Restarting proxy with updated config...');
       await start();
     }
@@ -354,7 +136,6 @@ const ensureRunning = async (onProgress = () => {}) => {
     onProgress('Installing AI proxy (one-time setup)...');
     await install(onProgress);
   } else if (!configValid) {
-    // Binary exists but config is invalid - fix it
     onProgress('Fixing proxy configuration...');
     rewriteConfig();
   }
@@ -409,7 +190,6 @@ const proxyRequest = (method, endpoint, body = null) => {
 
 /**
  * Make request to local proxy (Management API endpoints)
- * Uses management key for authentication
  */
 const managementRequest = (method, endpoint, body = null) => {
   return new Promise((resolve, reject) => {
@@ -467,8 +247,6 @@ const managementRequest = (method, endpoint, body = null) => {
 const getAuthUrl = async (provider) => {
   await ensureRunning();
   
-  // Use is_webui=true to start the callback server on port 54545
-  // Without this, CLIProxyAPI generates the URL but doesn't listen for callbacks
   const endpoints = {
     anthropic: '/v0/management/anthropic-auth-url?is_webui=true',
     openai: '/v0/management/codex-auth-url?is_webui=true',
@@ -495,12 +273,12 @@ const getAuthUrl = async (provider) => {
 };
 
 /**
- * @param {string} callbackUrl - Full callback URL (http://localhost:54545/callback?code=xxx&state=yyy)
- * @param {string} provider - Provider ID (anthropic, openai, gemini, qwen, iflow)
+ * Submit OAuth callback
+ * @param {string} callbackUrl - Full callback URL
+ * @param {string} provider - Provider ID
  * @returns {Promise<boolean>}
  */
 const submitCallback = async (callbackUrl, provider = 'anthropic') => {
-  // Parse the callback URL
   let url;
   try {
     url = new URL(callbackUrl);
@@ -515,9 +293,6 @@ const submitCallback = async (callbackUrl, provider = 'anthropic') => {
     throw new Error('Missing code or state in callback URL');
   }
   
-  // Each provider has its own OAuth callback port and path in CLIProxyAPI
-  // We need to submit the callback to the correct port
-  // Ports are determined by the redirect_uri in the OAuth URL from CLIProxyAPI
   const providerConfig = {
     anthropic: { port: 54545, path: '/callback' },
     openai: { port: 1455, path: '/auth/callback' },
@@ -528,9 +303,6 @@ const submitCallback = async (callbackUrl, provider = 'anthropic') => {
   
   const config = providerConfig[provider] || providerConfig.anthropic;
   
-  // Submit to the provider's OAuth callback port directly
-  // Pass ALL query parameters from the callback URL, not just code and state
-  // Some providers (like Gemini) require additional params like scope, authuser, etc.
   return new Promise((resolve, reject) => {
     const callbackPath = `${config.path}?${url.searchParams.toString()}`;
     
@@ -544,7 +316,6 @@ const submitCallback = async (callbackUrl, provider = 'anthropic') => {
       let data = '';
       res.on('data', chunk => data += chunk);
       res.on('end', () => {
-        // Success if we get a redirect or success page
         if (res.statusCode === 200 || res.statusCode === 302 || res.statusCode === 301) {
           resolve(true);
         } else {
@@ -604,7 +375,7 @@ const waitForAuth = async (state, timeoutMs = 300000, onStatus = () => {}) => {
 
 /**
  * Get available models from the proxy
- * @param {string} [provider] - Optional provider to filter by (anthropic, openai, google, etc.)
+ * @param {string} [provider] - Optional provider to filter by
  * @returns {Promise<Array<string>>}
  */
 const getModels = async (provider = null) => {
@@ -615,9 +386,7 @@ const getModels = async (provider = null) => {
   if (response.data && Array.isArray(response.data)) {
     let models = response.data;
     
-    // Filter by provider if specified (using owned_by field from API)
     if (provider) {
-      // Map our provider IDs to the owned_by values from the API
       const ownerMap = {
         anthropic: 'anthropic',
         openai: 'openai',
@@ -693,157 +462,6 @@ const getProviderFromAuthFile = (filename) => {
   return 'unknown';
 };
 
-// ============================================
-// REMOTE OAUTH (for VPS/Server users)
-// Uses cli.hedgequantx.com as OAuth relay
-// ============================================
-
-const REMOTE_OAUTH_URL = 'https://cli.hedgequantx.com';
-
-/**
- * Make HTTPS request
- */
-const httpsRequest = (url, options, body = null) => {
-  return new Promise((resolve, reject) => {
-    const parsedUrl = new URL(url);
-    const req = https.request({
-      hostname: parsedUrl.hostname,
-      port: 443,
-      path: parsedUrl.pathname + parsedUrl.search,
-      method: options.method || 'GET',
-      headers: options.headers || {}
-    }, (res) => {
-      let data = '';
-      res.on('data', chunk => data += chunk);
-      res.on('end', () => {
-        try {
-          resolve(JSON.parse(data));
-        } catch (e) {
-          resolve(data);
-        }
-      });
-    });
-    
-    req.on('error', reject);
-    req.on('timeout', () => {
-      req.destroy();
-      reject(new Error('Request timeout'));
-    });
-    
-    if (body) {
-      req.write(typeof body === 'string' ? body : JSON.stringify(body));
-    }
-    req.end();
-  });
-};
-
-/**
- * Create Remote OAuth session
- * @param {string} provider - Provider ID (anthropic, openai, gemini)
- * @returns {Promise<{sessionId: string, authUrl: string}>}
- */
-const createRemoteSession = async (provider) => {
-  const response = await httpsRequest(
-    `${REMOTE_OAUTH_URL}/oauth/session/create`,
-    {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' }
-    },
-    JSON.stringify({ provider })
-  );
-  
-  if (response.error) {
-    throw new Error(response.error);
-  }
-  
-  return {
-    sessionId: response.sessionId,
-    authUrl: response.authUrl
-  };
-};
-
-/**
- * Poll Remote OAuth session status
- * @param {string} sessionId - Session ID from createRemoteSession
- * @returns {Promise<{status: string, error?: string}>}
- */
-const pollRemoteSession = async (sessionId) => {
-  const response = await httpsRequest(
-    `${REMOTE_OAUTH_URL}/oauth/session/${sessionId}/status`,
-    { method: 'GET' }
-  );
-  return response;
-};
-
-/**
- * Get tokens from Remote OAuth session
- * @param {string} sessionId - Session ID
- * @returns {Promise<{provider: string, tokens: Object}>}
- */
-const getRemoteTokens = async (sessionId) => {
-  const response = await httpsRequest(
-    `${REMOTE_OAUTH_URL}/oauth/session/${sessionId}/tokens`,
-    { method: 'GET' }
-  );
-  
-  if (response.error) {
-    throw new Error(response.error);
-  }
-  
-  return response;
-};
-
-/**
- * Wait for Remote OAuth to complete
- * @param {string} sessionId - Session ID
- * @param {number} timeoutMs - Timeout in milliseconds
- * @param {Function} onStatus - Status callback
- * @returns {Promise<{provider: string, tokens: Object}>}
- */
-const waitForRemoteAuth = async (sessionId, timeoutMs = 300000, onStatus = () => {}) => {
-  const startTime = Date.now();
-  
-  while (Date.now() - startTime < timeoutMs) {
-    const status = await pollRemoteSession(sessionId);
-    
-    if (status.status === 'success') {
-      return await getRemoteTokens(sessionId);
-    } else if (status.status === 'error') {
-      throw new Error(status.error || 'Authentication failed');
-    }
-    
-    onStatus('Waiting for authorization...');
-    await new Promise(resolve => setTimeout(resolve, 2000));
-  }
-  
-  throw new Error('Authentication timeout');
-};
-
-/**
- * Detect if we're running on a server (no display/browser)
- * @returns {boolean}
- */
-const isServerEnvironment = () => {
-  // Check for common server indicators
-  if (process.env.SSH_CONNECTION || process.env.SSH_CLIENT) return true;
-  if (process.env.DISPLAY === undefined && process.platform === 'linux') return true;
-  if (process.env.TERM === 'dumb') return true;
-  if (process.env.HQX_REMOTE_OAUTH === '1') return true; // Force remote mode
-  return false;
-};
-
-/**
- * Detect if browser can be opened
- * @returns {boolean}
- */
-const canOpenBrowser = () => {
-  // On macOS/Windows, we can usually open browser
-  if (process.platform === 'darwin' || process.platform === 'win32') return true;
-  // On Linux, check for display
-  if (process.env.DISPLAY) return true;
-  return false;
-};
-
 module.exports = {
   // Local OAuth (CLIProxyAPI)
   isInstalled,