opencode-immune 1.0.37 → 1.0.39
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/plugin.js +35 -7
- package/package.json +1 -1
package/dist/plugin.js
CHANGED
|
@@ -11,7 +11,7 @@ const child_process_1 = require("child_process");
|
|
|
11
11
|
// ═══════════════════════════════════════════════════════════════════════════════
|
|
12
12
|
// PLUGIN VERSION CHECK
|
|
13
13
|
// ═══════════════════════════════════════════════════════════════════════════════
|
|
14
|
-
const PLUGIN_VERSION = "1.0.
|
|
14
|
+
const PLUGIN_VERSION = "1.0.39";
|
|
15
15
|
const PLUGIN_PACKAGE_NAME = "opencode-immune";
|
|
16
16
|
/**
|
|
17
17
|
* Read plugin version from package.json at runtime.
|
|
@@ -93,11 +93,11 @@ const ULTRAWORK_AGENT = "0-ultrawork";
|
|
|
93
93
|
const MANAGED_SESSION_TTL_MS = 7 * 24 * 60 * 60 * 1000;
|
|
94
94
|
const RATE_LIMIT_FALLBACK_MODEL = {
|
|
95
95
|
providerID: "externcash",
|
|
96
|
-
modelID: "gpt-5.
|
|
96
|
+
modelID: "gpt-5.5",
|
|
97
97
|
};
|
|
98
98
|
const CHILD_SESSION_FALLBACK_MODEL = {
|
|
99
99
|
providerID: "externcash",
|
|
100
|
-
modelID: "gpt-5.
|
|
100
|
+
modelID: "gpt-5.5",
|
|
101
101
|
};
|
|
102
102
|
function isManagedUltraworkSession(state, sessionID) {
|
|
103
103
|
return !!sessionID && state.managedUltraworkSessions.has(sessionID);
|
|
@@ -294,6 +294,13 @@ function isRetryableApiError(error) {
|
|
|
294
294
|
message.includes("timeout") ||
|
|
295
295
|
message.includes("sse read") ||
|
|
296
296
|
message.includes("stream error") ||
|
|
297
|
+
// Certificate/TLS provider failures must pass this primary retry gate
|
|
298
|
+
// before the managed-session fallback model branch can run.
|
|
299
|
+
message.includes("unknown certificate verification error") ||
|
|
300
|
+
message.includes("certificate has expired") ||
|
|
301
|
+
message.includes("certificate verification") ||
|
|
302
|
+
message.includes("tls") ||
|
|
303
|
+
message.includes("ssl") ||
|
|
297
304
|
message.includes("connection reset") ||
|
|
298
305
|
message.includes("socket hang up") ||
|
|
299
306
|
message.includes("aborted")) {
|
|
@@ -323,6 +330,26 @@ function isRateLimitApiError(error) {
|
|
|
323
330
|
const type = `${maybeError.data?.type ?? ""}`.toLowerCase();
|
|
324
331
|
return ((type.includes("rate_limit") || message.includes("too many requests") || message.includes("rate limit")));
|
|
325
332
|
}
|
|
333
|
+
function isCertificateApiError(error) {
|
|
334
|
+
if (!error || typeof error !== "object")
|
|
335
|
+
return false;
|
|
336
|
+
const maybeError = error;
|
|
337
|
+
const message = `${maybeError.message ?? ""} ${maybeError.data?.message ?? ""}`.toLowerCase();
|
|
338
|
+
const code = `${maybeError.code ?? ""} ${maybeError.data?.code ?? ""}`.toLowerCase();
|
|
339
|
+
const type = `${maybeError.data?.type ?? ""}`.toLowerCase();
|
|
340
|
+
return (message.includes("unknown certificate verification error") ||
|
|
341
|
+
message.includes("certificate has expired") ||
|
|
342
|
+
message.includes("certificate verification") ||
|
|
343
|
+
message.includes("tls") ||
|
|
344
|
+
message.includes("ssl") ||
|
|
345
|
+
code.includes("cert_has_expired") ||
|
|
346
|
+
code.includes("unable_to_verify_leaf_signature") ||
|
|
347
|
+
code.includes("self_signed_cert") ||
|
|
348
|
+
code.includes("tls") ||
|
|
349
|
+
type.includes("certificate") ||
|
|
350
|
+
type.includes("tls") ||
|
|
351
|
+
type.includes("ssl"));
|
|
352
|
+
}
|
|
326
353
|
async function setSessionFallbackModel(state, sessionID, model) {
|
|
327
354
|
const existing = state.managedUltraworkSessions.get(sessionID);
|
|
328
355
|
if (!existing)
|
|
@@ -1264,16 +1291,17 @@ function createEventHandler(state) {
|
|
|
1264
1291
|
if (count < MAX_RETRIES) {
|
|
1265
1292
|
const delay = Math.min(BASE_DELAY_MS * Math.pow(2, count), MAX_DELAY_MS);
|
|
1266
1293
|
state.sessionErrorRetryCount.set(sessionID, count + 1);
|
|
1267
|
-
// Pin fallback model: for child sessions always, for root
|
|
1294
|
+
// Pin fallback model: for child sessions always, for root provider-level failures.
|
|
1268
1295
|
if (isChild) {
|
|
1269
1296
|
await setSessionFallbackModel(state, sessionID, CHILD_SESSION_FALLBACK_MODEL);
|
|
1270
|
-
const errorType = isModelAccessError(error) ? "model access error" : isRateLimitApiError(error) ? "rate limit" : "retryable error";
|
|
1297
|
+
const errorType = isModelAccessError(error) ? "model access error" : isRateLimitApiError(error) ? "rate limit" : isCertificateApiError(error) ? "certificate error" : "retryable error";
|
|
1271
1298
|
console.log(`[opencode-immune] Child session ${sessionID}: ${errorType} detected. ` +
|
|
1272
1299
|
`Retry will use fallback model ${CHILD_SESSION_FALLBACK_MODEL.providerID}/${CHILD_SESSION_FALLBACK_MODEL.modelID}.`);
|
|
1273
1300
|
}
|
|
1274
|
-
else if (isRoot && isRateLimitApiError(error)) {
|
|
1301
|
+
else if (isRoot && (isRateLimitApiError(error) || isCertificateApiError(error))) {
|
|
1275
1302
|
await setSessionFallbackModel(state, sessionID, RATE_LIMIT_FALLBACK_MODEL);
|
|
1276
|
-
|
|
1303
|
+
const errorType = isCertificateApiError(error) ? "certificate error" : "rate limit";
|
|
1304
|
+
console.log(`[opencode-immune] ${errorType} detected for root session ${sessionID}. ` +
|
|
1277
1305
|
`Retry will use fallback model ${RATE_LIMIT_FALLBACK_MODEL.providerID}/${RATE_LIMIT_FALLBACK_MODEL.modelID}.`);
|
|
1278
1306
|
}
|
|
1279
1307
|
const scheduled = scheduleManagedSessionRetry(state, sessionID, {
|