npm - opencode-anthropic-multi-account - Versions diffs - 0.2.4 → 0.2.6 - Mend

opencode-anthropic-multi-account 0.2.4 → 0.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/constants.d.ts +3 -0
package/dist/index.js +373 -45
package/dist/pi-ai-adapter.d.ts +4 -0
package/dist/request-transform.d.ts +1 -1
package/dist/token-node-request.d.ts +10 -0
package/package.json +2 -2

package/dist/constants.d.ts CHANGED Viewed

@@ -1,6 +1,9 @@
 /** Anthropic OAuth adapter config */
 export declare const ANTHROPIC_OAUTH_ADAPTER: import("opencode-multi-account-core").OAuthAdapter;
 export declare const ANTHROPIC_CLIENT_ID: string;
+export declare const ANTHROPIC_AUTHORIZE_ENDPOINT: string;
+export declare const ANTHROPIC_REDIRECT_URI: string;
+export declare const ANTHROPIC_SCOPES: string;
 /** Token exchange / refresh endpoint */
 export declare const ANTHROPIC_TOKEN_ENDPOINT: string;
 /** OAuth usage stats endpoint */

package/dist/index.js CHANGED Viewed

@@ -1820,6 +1820,33 @@ async function confirm(message, defaultYes = false) {
 }
 // ../multi-account-core/src/adapters/anthropic.ts
+var ANTHROPIC_DEFAULT_CLIENT_ID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e";
+var ANTHROPIC_DEFAULT_CLI_VERSION = "2.1.80";
+var ANTHROPIC_DEFAULT_USER_AGENT = "claude-cli/2.1.2 (external, cli)";
+var ANTHROPIC_DEFAULT_AUTHORIZE_URL = "https://claude.ai/oauth/authorize";
+var ANTHROPIC_DEFAULT_TOKEN_URL = "https://platform.claude.com/v1/oauth/token";
+var ANTHROPIC_DEFAULT_REDIRECT_URI = "https://console.anthropic.com/oauth/code/callback";
+var ANTHROPIC_DEFAULT_SCOPES = "org:create_api_key user:profile user:inference";
+var ANTHROPIC_DEFAULT_BETA_FLAGS = "claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,prompt-caching-scope-2026-01-05";
+function buildCliUserAgent(cliVersion) {
+  return `claude-cli/${cliVersion} (external, cli)`;
+}
+function resolveAnthropicOAuthEnv(env = process.env) {
+  const cliVersion = env.ANTHROPIC_CLI_VERSION || ANTHROPIC_DEFAULT_CLI_VERSION;
+  const composedUserAgent = buildCliUserAgent(cliVersion);
+  const userAgent = env.ANTHROPIC_USER_AGENT || (env.ANTHROPIC_CLI_VERSION ? composedUserAgent : "") || ANTHROPIC_DEFAULT_USER_AGENT;
+  return {
+    clientId: env.ANTHROPIC_CLIENT_ID || ANTHROPIC_DEFAULT_CLIENT_ID,
+    cliVersion,
+    userAgent,
+    authorizeUrl: env.ANTHROPIC_AUTHORIZE_URL || ANTHROPIC_DEFAULT_AUTHORIZE_URL,
+    tokenUrl: env.ANTHROPIC_TOKEN_URL || ANTHROPIC_DEFAULT_TOKEN_URL,
+    redirectUri: env.ANTHROPIC_REDIRECT_URI || ANTHROPIC_DEFAULT_REDIRECT_URI,
+    scopes: env.ANTHROPIC_SCOPES || ANTHROPIC_DEFAULT_SCOPES,
+    betaFlags: env.ANTHROPIC_BETA_FLAGS || ANTHROPIC_DEFAULT_BETA_FLAGS
+  };
+}
+var anthropicEnv = resolveAnthropicOAuthEnv();
 var anthropicOAuthAdapter = {
   id: "anthropic",
   authProviderId: "anthropic",
@@ -1827,14 +1854,14 @@ var anthropicOAuthAdapter = {
   statusToolName: "claude_multiauth_status",
   authMethodLabel: "Claude Pro/Max (Multi-Auth)",
   serviceLogName: "claude-multiauth",
-  oauthClientId: "9d1c250a-e61b-44d9-88ed-5944d1962f5e",
-  tokenEndpoint: "https://console.anthropic.com/v1/oauth/token",
+  oauthClientId: anthropicEnv.clientId,
+  tokenEndpoint: anthropicEnv.tokenUrl,
   usageEndpoint: "https://api.anthropic.com/api/oauth/usage",
   profileEndpoint: "https://api.anthropic.com/api/oauth/profile",
   oauthBetaHeader: "oauth-2025-04-20",
-  requestBetaHeader: "oauth-2025-04-20,interleaved-thinking-2025-05-14",
-  cliUserAgent: "claude-cli/2.1.2 (external, cli)",
-  cliVersion: "2.1.80",
+  requestBetaHeader: anthropicEnv.betaFlags,
+  cliUserAgent: anthropicEnv.userAgent,
+  cliVersion: anthropicEnv.cliVersion,
   billingSalt: "59cf53e54c78",
   toolPrefix: "mcp_",
   accountStorageFilename: "anthropic-multi-account-accounts.json",
@@ -2183,8 +2210,12 @@ var CascadeStateManager = class {
 };
 // src/constants.ts
+var resolvedAnthropicOAuthEnv = resolveAnthropicOAuthEnv();
 var ANTHROPIC_OAUTH_ADAPTER = anthropicOAuthAdapter;
 var ANTHROPIC_CLIENT_ID = ANTHROPIC_OAUTH_ADAPTER.oauthClientId;
+var ANTHROPIC_AUTHORIZE_ENDPOINT = resolvedAnthropicOAuthEnv.authorizeUrl;
+var ANTHROPIC_REDIRECT_URI = resolvedAnthropicOAuthEnv.redirectUri;
+var ANTHROPIC_SCOPES = resolvedAnthropicOAuthEnv.scopes;
 var ANTHROPIC_TOKEN_ENDPOINT = ANTHROPIC_OAUTH_ADAPTER.tokenEndpoint;
 var ANTHROPIC_USAGE_ENDPOINT = ANTHROPIC_OAUTH_ADAPTER.usageEndpoint;
 var ANTHROPIC_PROFILE_ENDPOINT = ANTHROPIC_OAUTH_ADAPTER.profileEndpoint;
@@ -2194,9 +2225,100 @@ var TOOL_PREFIX = ANTHROPIC_OAUTH_ADAPTER.toolPrefix;
 var ACCOUNTS_FILENAME2 = ANTHROPIC_OAUTH_ADAPTER.accountStorageFilename;
 var PLAN_LABELS = ANTHROPIC_OAUTH_ADAPTER.planLabels;
 var TOKEN_EXPIRY_BUFFER_MS = 6e4;
+var TOKEN_REFRESH_TIMEOUT_MS = 3e4;
 // src/pi-ai-adapter.ts
-import { loginAnthropic, refreshAnthropicToken } from "@mariozechner/pi-ai/oauth";
+import { AsyncLocalStorage } from "node:async_hooks";
+import * as piAiOauth from "@mariozechner/pi-ai/oauth";
+// src/token-node-request.ts
+import * as childProcess from "node:child_process";
+function buildNodeTokenRequestScript() {
+  return `
+const https = require("node:https");
+const endpoint = process.env.ANTHROPIC_REFRESH_ENDPOINT;
+const timeoutMs = Number(process.env.ANTHROPIC_REFRESH_TIMEOUT_MS || "30000");
+const payload = process.env.ANTHROPIC_REFRESH_REQUEST_BODY || "";
+function printSuccess(body) {
+  console.log(JSON.stringify({ ok: true, body }));
+}
+function printFailure(error) {
+  console.log(JSON.stringify({ ok: false, ...error }));
+}
+const request = https.request(endpoint, {
+  method: "POST",
+  headers: {
+    "Content-Type": "application/json",
+    Accept: "application/json",
+    "Content-Length": Buffer.byteLength(payload).toString(),
+  },
+}, (response) => {
+  let body = "";
+  response.setEncoding("utf8");
+  response.on("data", (chunk) => {
+    body += chunk;
+  });
+  response.on("end", () => {
+    const status = response.statusCode ?? 0;
+    if (status < 200 || status >= 300) {
+      printFailure({ status, body });
+      return;
+    }
+    printSuccess(body);
+  });
+});
+request.setTimeout(timeoutMs, () => {
+  request.destroy(new Error("Request timed out after " + timeoutMs + "ms"));
+});
+request.on("error", (error) => {
+  printFailure({ error: error instanceof Error ? error.name + ": " + error.message : String(error) });
+});
+request.write(payload);
+request.end();
+`;
+}
+async function defaultRunNodeTokenRequest(options) {
+  const script = buildNodeTokenRequestScript();
+  return await new Promise((resolve, reject) => {
+    childProcess.execFile(
+      options.executable,
+      ["-e", script],
+      {
+        timeout: options.timeoutMs + 1e3,
+        maxBuffer: 1024 * 1024,
+        env: {
+          ...process.env,
+          ANTHROPIC_REFRESH_ENDPOINT: options.endpoint,
+          ANTHROPIC_REFRESH_REQUEST_BODY: options.body,
+          ANTHROPIC_REFRESH_TIMEOUT_MS: String(options.timeoutMs)
+        }
+      },
+      (error, stdout, stderr) => {
+        const trimmedStdout = stdout.trim();
+        if (error) {
+          reject(new Error(stderr.trim() || error.message));
+          return;
+        }
+        if (!trimmedStdout) {
+          reject(new Error("Empty response from Node refresh helper"));
+          return;
+        }
+        resolve(trimmedStdout);
+      }
+    );
+  });
+}
+var nodeTokenRequestRunner = defaultRunNodeTokenRequest;
+async function runNodeTokenRequest(options) {
+  return await nodeTokenRequestRunner(options);
+}
 // src/config.ts
 initCoreConfig("claude-multiauth.json");
@@ -2378,19 +2500,204 @@ function fromPiAiCredentials(creds) {
     expiresAt: creds.expires
   };
 }
+var ANTHROPIC_REFRESH_ENDPOINT = ANTHROPIC_TOKEN_ENDPOINT;
+var LEGACY_ANTHROPIC_TOKEN_ENDPOINT = "https://platform.claude.com/v1/oauth/token";
+var REFRESH_NODE_EXECUTABLE = process.env.OPENCODE_REFRESH_NODE_EXECUTABLE || "node";
+var tokenProxyContext = new AsyncLocalStorage();
+var tokenProxyInstalled = false;
+var tokenProxyOriginalFetch = null;
+var refreshEndpointUrl = new URL(ANTHROPIC_REFRESH_ENDPOINT);
+var legacyRefreshEndpointUrl = new URL(LEGACY_ANTHROPIC_TOKEN_ENDPOINT);
+function buildRefreshRequestError(details) {
+  return new Error(`Anthropic token refresh request failed. url=${ANTHROPIC_REFRESH_ENDPOINT}; details=${details}`);
+}
+function buildRefreshInvalidJsonError(body, details) {
+  return new Error(`Anthropic token refresh returned invalid JSON. url=${ANTHROPIC_REFRESH_ENDPOINT}; body=${body}; details=${details}`);
+}
+function getRequestUrlString(input) {
+  if (typeof input === "string") return input;
+  if (input instanceof URL) return input.toString();
+  return input.url;
+}
+function isAnthropicTokenEndpoint(input) {
+  const rawUrl = getRequestUrlString(input);
+  try {
+    const url = new URL(rawUrl);
+    const isConfiguredEndpoint = url.origin === refreshEndpointUrl.origin && url.pathname === refreshEndpointUrl.pathname;
+    const isLegacyEndpoint = url.origin === legacyRefreshEndpointUrl.origin && url.pathname === legacyRefreshEndpointUrl.pathname;
+    return isConfiguredEndpoint || isLegacyEndpoint;
+  } catch {
+    return rawUrl === ANTHROPIC_REFRESH_ENDPOINT || rawUrl === LEGACY_ANTHROPIC_TOKEN_ENDPOINT;
+  }
+}
+function applyOverridesToTokenParams(params) {
+  params.set("client_id", ANTHROPIC_CLIENT_ID);
+  if (params.get("grant_type") === "authorization_code") {
+    params.set("redirect_uri", ANTHROPIC_REDIRECT_URI);
+    params.set("scope", ANTHROPIC_SCOPES);
+  }
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
+}
+function applyAnthropicTokenRequestOverrides(rawBody) {
+  const trimmed = rawBody.trim();
+  if (trimmed.length === 0) {
+    return rawBody;
+  }
+  if (trimmed.startsWith("{")) {
+    try {
+      const parsed = JSON.parse(trimmed);
+      if (!isRecord(parsed)) {
+        return rawBody;
+      }
+      const grantType = typeof parsed.grant_type === "string" ? parsed.grant_type : "";
+      parsed.client_id = ANTHROPIC_CLIENT_ID;
+      if (grantType === "authorization_code") {
+        parsed.redirect_uri = ANTHROPIC_REDIRECT_URI;
+        parsed.scope = ANTHROPIC_SCOPES;
+      }
+      return JSON.stringify(parsed);
+    } catch {
+      return rawBody;
+    }
+  }
+  const params = new URLSearchParams(rawBody);
+  applyOverridesToTokenParams(params);
+  return params.toString();
+}
+function rewriteAnthropicAuthUrl(rawUrl) {
+  try {
+    const configuredAuthorizeUrl = new URL(ANTHROPIC_AUTHORIZE_ENDPOINT);
+    const rewritten = new URL(rawUrl);
+    rewritten.protocol = configuredAuthorizeUrl.protocol;
+    rewritten.host = configuredAuthorizeUrl.host;
+    rewritten.pathname = configuredAuthorizeUrl.pathname;
+    for (const [key, value] of configuredAuthorizeUrl.searchParams.entries()) {
+      rewritten.searchParams.set(key, value);
+    }
+    rewritten.searchParams.set("client_id", ANTHROPIC_CLIENT_ID);
+    rewritten.searchParams.set("redirect_uri", ANTHROPIC_REDIRECT_URI);
+    rewritten.searchParams.set("scope", ANTHROPIC_SCOPES);
+    return rewritten.toString();
+  } catch {
+    return rawUrl;
+  }
+}
+function getRequestBodySource(input, init) {
+  if (init?.body !== void 0) {
+    return init.body;
+  }
+  if (input instanceof Request) {
+    return input.body;
+  }
+  return void 0;
+}
+function stringifyBinaryBody(body) {
+  if (body instanceof ArrayBuffer) {
+    return Buffer.from(body).toString("utf8");
+  }
+  return Buffer.from(body.buffer, body.byteOffset, body.byteLength).toString("utf8");
+}
+async function getRequestBody(input, init) {
+  const body = getRequestBodySource(input, init);
+  if (typeof body === "string") return body;
+  if (body instanceof URLSearchParams) return body.toString();
+  if (body instanceof Uint8Array || body instanceof ArrayBuffer || ArrayBuffer.isView(body)) {
+    return stringifyBinaryBody(body);
+  }
+  if (typeof Blob !== "undefined" && body instanceof Blob) return await body.text();
+  if (body instanceof ReadableStream) return await new Response(body).text();
+  if (input instanceof Request && init?.body === void 0) return await input.clone().text();
+  if (body == null) return "";
+  throw buildRefreshRequestError(`Unsupported token request body type: ${Object.prototype.toString.call(body)}`);
+}
+function getRequestMethod(input, init) {
+  return init?.method ?? (input instanceof Request ? input.method : "GET");
+}
+function shouldProxyTokenRequest(input) {
+  return tokenProxyContext.getStore() === true && isAnthropicTokenEndpoint(input);
+}
+async function postAnthropicTokenViaNode(body) {
+  const overriddenBody = applyAnthropicTokenRequestOverrides(body);
+  let output;
+  try {
+    output = await runNodeTokenRequest({
+      body: overriddenBody,
+      endpoint: ANTHROPIC_REFRESH_ENDPOINT,
+      executable: REFRESH_NODE_EXECUTABLE,
+      timeoutMs: TOKEN_REFRESH_TIMEOUT_MS
+    });
+  } catch (error) {
+    const details = error instanceof Error ? error.message : String(error);
+    throw buildRefreshRequestError(details);
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(output);
+  } catch (error) {
+    const details = error instanceof Error ? `${error.name}: ${error.message}` : String(error);
+    throw buildRefreshInvalidJsonError(output, details);
+  }
+  const result = parsed;
+  if (!result.ok) {
+    if (result.error) {
+      throw buildRefreshRequestError(result.error);
+    }
+    throw buildRefreshRequestError(`Error: HTTP request failed. status=${result.status ?? 0}; url=${ANTHROPIC_REFRESH_ENDPOINT}; body=${result.body ?? ""}`);
+  }
+  return new Response(result.body ?? "", {
+    status: 200,
+    headers: {
+      "content-type": "application/json"
+    }
+  });
+}
+function createAnthropicTokenProxyFetch(originalFetch) {
+  return (async (input, init) => {
+    if (!shouldProxyTokenRequest(input)) {
+      return originalFetch(input, init);
+    }
+    const method = getRequestMethod(input, init).toUpperCase();
+    if (method !== "POST") {
+      throw buildRefreshRequestError(`Unsupported token endpoint method: ${method}`);
+    }
+    return await postAnthropicTokenViaNode(await getRequestBody(input, init));
+  });
+}
+function ensureAnthropicTokenProxyFetchInstalled() {
+  if (tokenProxyInstalled) return;
+  tokenProxyOriginalFetch = globalThis.fetch;
+  globalThis.fetch = createAnthropicTokenProxyFetch(tokenProxyOriginalFetch);
+  tokenProxyInstalled = true;
+}
+async function withAnthropicTokenProxyFetch(operation) {
+  ensureAnthropicTokenProxyFetchInstalled();
+  return await tokenProxyContext.run(true, operation);
+}
+async function fetchProfileWithSingleRetry(accessToken) {
+  let profileResult = await fetchProfile(accessToken);
+  if (profileResult.ok) {
+    return profileResult;
+  }
+  await new Promise((resolve) => setTimeout(resolve, 1e3));
+  profileResult = await fetchProfile(accessToken);
+  return profileResult;
+}
 async function loginWithPiAi(callbacks) {
-  const piCreds = await loginAnthropic({
-    onAuth: callbacks.onAuth,
+  const piCreds = await withAnthropicTokenProxyFetch(() => piAiOauth.loginAnthropic({
+    onAuth: (info) => {
+      callbacks.onAuth({
+        ...info,
+        url: info.url ? rewriteAnthropicAuthUrl(info.url) : info.url
+      });
+    },
     onPrompt: callbacks.onPrompt,
     onProgress: callbacks.onProgress,
     onManualCodeInput: callbacks.onManualCodeInput
-  });
+  }));
   const base = fromPiAiCredentials(piCreds);
-  let profileResult = await fetchProfile(piCreds.access);
-  if (!profileResult.ok) {
-    await new Promise((r) => setTimeout(r, 1e3));
-    profileResult = await fetchProfile(piCreds.access);
-  }
+  const profileResult = await fetchProfileWithSingleRetry(piCreds.access);
   const profileData = profileResult.ok ? profileResult.data : void 0;
   return {
     ...base,
@@ -2401,7 +2708,7 @@ async function loginWithPiAi(callbacks) {
   };
 }
 async function refreshWithPiAi(currentRefreshToken) {
-  const piCreds = await refreshAnthropicToken(currentRefreshToken);
+  const piCreds = await withAnthropicTokenProxyFetch(() => piAiOauth.refreshAnthropicToken(currentRefreshToken));
   return {
     accessToken: piCreds.access,
     refreshToken: piCreds.refresh,
@@ -2412,6 +2719,13 @@ var PI_AI_ADAPTER_SERVICE = ANTHROPIC_OAUTH_ADAPTER.serviceLogName;
 // src/token.ts
 var PERMANENT_FAILURE_HTTP_STATUSES = /* @__PURE__ */ new Set([400, 401, 403]);
+var PERMANENT_FAILURE_MESSAGE_PATTERNS = [
+  /\binvalid_grant\b/i,
+  /\binvalid_scope\b/i,
+  /\bunauthorized_client\b/i,
+  /\brefresh token\b.*\b(invalid|expired|revoked|no longer valid)\b/i,
+  /\bauth(?:entication)?(?:[_\s-]+)?invalid\b/i
+];
 var refreshMutexByAccountId = /* @__PURE__ */ new Map();
 function isTokenExpired(account) {
   if (!account.accessToken || !account.expiresAt) return true;
@@ -2428,7 +2742,9 @@ async function refreshToken(currentRefreshToken, accountId, client) {
     } catch (error) {
       const message = error instanceof Error ? error.message : String(error);
       const statusMatch = message.match(/\b(400|401|403)\b/);
-      const isPermanent = statusMatch !== null && PERMANENT_FAILURE_HTTP_STATUSES.has(Number(statusMatch[1]));
+      const hasPermanentStatus = statusMatch !== null && PERMANENT_FAILURE_HTTP_STATUSES.has(Number(statusMatch[1]));
+      const hasPermanentMessage = PERMANENT_FAILURE_MESSAGE_PATTERNS.some((pattern) => pattern.test(message));
+      const isPermanent = hasPermanentStatus || hasPermanentMessage;
       await client.app.log({
         body: {
           service: ANTHROPIC_OAUTH_ADAPTER.serviceLogName,
@@ -2755,7 +3071,7 @@ function printUsageEntry(name, entry, isLast) {
     return;
   }
   const bar = createProgressBar(entry.utilization);
-  const reset = entry.utilization >= 100 && entry.resets_at ? formatResetTime(entry.resets_at) : "";
+  const reset = entry.resets_at ? formatResetTime(entry.resets_at) : "";
   console.log(`     ${connector} ${name.padEnd(16)} ${bar}${reset}`);
 }
 function printQuotaReport(account, usage) {
@@ -3039,7 +3355,14 @@ async function checkAccountQuota(manager, account, client) {
     }
     const refreshResult = await manager.ensureValidToken(account.uuid, client);
     if (!refreshResult.ok) {
-      printQuotaError(account, account.isAuthDisabled ? `${account.authDisabledReason ?? "Auth disabled"} (refresh failed)` : "Failed to refresh token");
+      await manager.markAuthFailure(account.uuid, refreshResult);
+      await manager.refresh();
+      const updatedAccount = manager.getAccounts().find((candidate) => candidate.uuid === account.uuid);
+      if (!updatedAccount) {
+        printQuotaError(account, refreshResult.permanent ? "Refresh failed permanently; account removed" : "Failed to refresh token");
+        return;
+      }
+      printQuotaError(updatedAccount, updatedAccount.isAuthDisabled ? `${updatedAccount.authDisabledReason ?? "Auth disabled"} (refresh failed)` : "Failed to refresh token");
       return;
     }
     await manager.refresh();
@@ -3307,11 +3630,30 @@ function buildBillingHeader(firstUserMessage) {
   if (!version || !salt) return "";
   const sampled = sampleCodeUnits(firstUserMessage, [4, 7, 20]);
   const hash = createHash("sha256").update(`${salt}${sampled}${version}`).digest("hex").slice(0, 3);
-  return `x-anthropic-billing-header: cc_version=${version}.${hash}; cc_entrypoint=cli; cch=00000;`;
+  return `cc_version=${version}.${hash}; cc_entrypoint=cli; cch=00000;`;
 }
 var OPENCODE_CAMEL_RE = /OpenCode/g;
 var OPENCODE_LOWER_RE = /(?<!\/)opencode/gi;
 var TOOL_PREFIX_RESPONSE_RE = /"name"\s*:\s*"mcp_([^"]+)"/g;
+function extractFirstUserTextFromBody(body) {
+  if (!body) return "";
+  try {
+    const parsed = JSON.parse(body);
+    if (!Array.isArray(parsed.messages)) return "";
+    for (const message of parsed.messages) {
+      if (message.role !== "user") continue;
+      if (typeof message.content === "string") return message.content;
+      if (!Array.isArray(message.content)) continue;
+      for (const block of message.content) {
+        if (block.type === "text" && typeof block.text === "string") {
+          return block.text;
+        }
+      }
+    }
+  } catch {
+  }
+  return "";
+}
 function addToolPrefix(name) {
   if (!ANTHROPIC_OAUTH_ADAPTER.transform.addToolPrefix) {
     return name;
@@ -3337,7 +3679,7 @@ function processCompleteLines(buffer) {
 `;
   return { output, remaining };
 }
-function buildRequestHeaders(input, init, accessToken) {
+function buildRequestHeaders(input, init, accessToken, bodyString) {
   const headers = new Headers();
   if (input instanceof Request) {
     input.headers.forEach((value, key) => {
@@ -3369,6 +3711,13 @@ function buildRequestHeaders(input, init, accessToken) {
   headers.set("user-agent", CLAUDE_CLI_USER_AGENT);
   headers.set("anthropic-dangerous-direct-browser-access", "true");
   headers.set("x-app", "cli");
+  const resolvedBody = bodyString ?? (typeof init?.body === "string" ? init.body : void 0);
+  const billingHeader = buildBillingHeader(
+    extractFirstUserTextFromBody(resolvedBody)
+  );
+  if (billingHeader) {
+    headers.set("x-anthropic-billing-header", billingHeader);
+  }
   headers.delete("x-api-key");
   return headers;
 }
@@ -3547,8 +3896,9 @@ var AccountRuntimeFactory = class {
   }
   async executeTransformedFetch(input, init, accessToken) {
     const transformedInput = transformRequestUrl(input);
-    const headers = buildRequestHeaders(transformedInput, init, accessToken);
-    const transformedBody = typeof init?.body === "string" ? transformRequestBody(init.body) : init?.body;
+    const rawBody = typeof init?.body === "string" ? init.body : void 0;
+    const headers = buildRequestHeaders(transformedInput, init, accessToken, rawBody);
+    const transformedBody = rawBody !== void 0 ? transformRequestBody(rawBody) : init?.body;
     const response = await fetch(transformedInput, {
       ...init,
       headers,
@@ -3579,24 +3929,6 @@ var AccountRuntimeFactory = class {
 };
 // src/index.ts
-function extractFirstUserText(input) {
-  try {
-    const raw = input;
-    const messages = raw.messages ?? raw.request?.messages;
-    if (!Array.isArray(messages)) return "";
-    for (const msg of messages) {
-      if (msg.role !== "user") continue;
-      if (typeof msg.content === "string") return msg.content;
-      if (Array.isArray(msg.content)) {
-        for (const block of msg.content) {
-          if (block.type === "text" && block.text) return block.text;
-        }
-      }
-    }
-  } catch {
-  }
-  return "";
-}
 function injectSystemPrompt(output) {
   const systemPrompt = getSystemPrompt();
   if (!Array.isArray(output.system)) {
@@ -3618,12 +3950,8 @@ var ClaudeMultiAuthPlugin = async (ctx) => {
   let cascadeStateManager = null;
   let poolChainConfig = { pools: [], chains: [] };
   return {
-    "experimental.chat.system.transform": (input, output) => {
+    "experimental.chat.system.transform": (_input, output) => {
       injectSystemPrompt(output);
-      const billingHeader = buildBillingHeader(extractFirstUserText(input));
-      if (billingHeader && !output.system?.includes(billingHeader)) {
-        output.system?.unshift(billingHeader);
-      }
     },
     tool: {
       [ANTHROPIC_OAUTH_ADAPTER.statusToolName]: tool({

package/dist/pi-ai-adapter.d.ts CHANGED Viewed

@@ -11,6 +11,10 @@ export interface LoginWithPiAiCallbacks {
     onProgress?: (message: string) => void;
     onManualCodeInput?: () => Promise<string>;
 }
+export declare function applyAnthropicTokenRequestOverrides(rawBody: string): string;
+export declare function rewriteAnthropicAuthUrl(rawUrl: string): string;
+export declare function withAnthropicTokenProxyFetch<T>(operation: () => Promise<T>): Promise<T>;
+export declare function resetAnthropicTokenProxyStateForTest(): void;
 export declare function loginWithPiAi(callbacks: LoginWithPiAiCallbacks): Promise<Partial<StoredAccount>>;
 export declare function refreshWithPiAi(currentRefreshToken: string): Promise<CredentialRefreshPatch>;
 export declare const PI_AI_ADAPTER_SERVICE: string;

package/dist/request-transform.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 export declare function getSystemPrompt(): string;
 export declare function buildBillingHeader(firstUserMessage: string): string;
-export declare function buildRequestHeaders(input: RequestInfo | URL, init: RequestInit | undefined, accessToken: string): Headers;
+export declare function buildRequestHeaders(input: RequestInfo | URL, init: RequestInit | undefined, accessToken: string, bodyString?: string): Headers;
 export declare function transformRequestBody(body: string | undefined): string | undefined;
 export declare function transformRequestUrl(input: RequestInfo | URL): RequestInfo | URL;
 export declare function createResponseStreamTransform(response: Response): Response;

package/dist/token-node-request.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+export interface NodeTokenRequestOptions {
+    body: string;
+    endpoint: string;
+    executable: string;
+    timeoutMs: number;
+}
+type NodeTokenRequestRunner = (options: NodeTokenRequestOptions) => Promise<string>;
+export declare function runNodeTokenRequest(options: NodeTokenRequestOptions): Promise<string>;
+export declare function setNodeTokenRequestRunnerForTest(runner: NodeTokenRequestRunner | null): void;
+export {};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "opencode-anthropic-multi-account",
-  "version": "0.2.4",
+  "version": "0.2.6",
   "description": "OpenCode plugin for Anthropic multi-account management with automatic rate limit switching",
   "main": "./dist/index.js",
   "type": "module",
@@ -39,7 +39,7 @@
     "directory": "packages/anthropic-multi-account"
   },
   "dependencies": {
-    "opencode-multi-account-core": "^0.2.4",
+    "opencode-multi-account-core": "^0.2.6",
     "@mariozechner/pi-ai": "^0.61.0",
     "valibot": "^1.2.0"
   },