npm - proxitor - Versions diffs - 0.8.0 → 0.9.0-beta.1 - Mend

proxitor 0.8.0 → 0.9.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/dist/cli.mjs CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 import { createRequire } from "node:module";
-import V from "node:process";
+import process$1 from "node:process";
 import os, { homedir } from "node:os";
 import * as tty$1 from "node:tty";
 import tty from "node:tty";
@@ -10,6 +10,7 @@ import { join, resolve, sep } from "node:path";
 import { STATUS_CODES, createServer } from "node:http";
 import { Http2ServerRequest, constants } from "node:http2";
 import { Readable } from "node:stream";
+import { createHash } from "node:crypto";
 //#region \0rolldown/runtime.js
 var __defProp$1 = Object.defineProperty;
 var __getOwnPropDesc$1 = Object.getOwnPropertyDescriptor;
@@ -207,7 +208,7 @@ var init_ansi_styles = __esmMin((() => {
 }));
 //#endregion
 //#region node_modules/.pnpm/chalk@5.6.2/node_modules/chalk/source/vendor/supports-color/index.js
-function hasFlag(flag, argv = globalThis.Deno ? globalThis.Deno.args : V.argv) {
+function hasFlag(flag, argv = globalThis.Deno ? globalThis.Deno.args : process$1.argv) {
 	const prefix = flag.startsWith("-") ? "" : flag.length === 1 ? "-" : "--";
 	const position = argv.indexOf(prefix + flag);
 	const terminatorPosition = argv.indexOf("--");
@@ -242,7 +243,7 @@ function _supportsColor(haveStream, { streamIsTTY, sniffFlags = true } = {}) {
 	if (haveStream && !streamIsTTY && forceColor === void 0) return 0;
 	const min = forceColor || 0;
 	if (env$1.TERM === "dumb") return min;
-	if (V.platform === "win32") {
+	if (process$1.platform === "win32") {
 		const osRelease = os.release().split(".");
 		if (Number(osRelease[0]) >= 10 && Number(osRelease[2]) >= 10586) return Number(osRelease[2]) >= 14931 ? 3 : 2;
 		return 1;
@@ -287,7 +288,7 @@ function createSupportsColor(stream, options = {}) {
 }
 var env$1, flagForceColor, supportsColor;
 var init_supports_color = __esmMin((() => {
-	({env: env$1} = V);
+	({env: env$1} = process$1);
 	if (hasFlag("no-color") || hasFlag("no-colors") || hasFlag("color=false") || hasFlag("color=never")) flagForceColor = 0;
 	else if (hasFlag("color") || hasFlag("colors") || hasFlag("color=true") || hasFlag("color=always")) flagForceColor = 1;
 	supportsColor = {
@@ -7001,6 +7002,7 @@ const string$2 = (params) => {
 const integer = /^-?\d+$/;
 const number$2 = /^-?\d+(?:\.\d+)?$/;
 const boolean$1 = /^(?:true|false)$/i;
+const _null$2 = /^null$/i;
 const lowercase = /^[^A-Z]*$/;
 const uppercase = /^[^a-z]*$/;
 //#endregion
@@ -7813,6 +7815,22 @@ const $ZodBoolean = /*@__PURE__*/ $constructor("$ZodBoolean", (inst, def) => {
 		return payload;
 	};
 });
+const $ZodNull = /*@__PURE__*/ $constructor("$ZodNull", (inst, def) => {
+	$ZodType.init(inst, def);
+	inst._zod.pattern = _null$2;
+	inst._zod.values = new Set([null]);
+	inst._zod.parse = (payload, _ctx) => {
+		const input = payload.value;
+		if (input === null) return payload;
+		payload.issues.push({
+			expected: "null",
+			code: "invalid_type",
+			input,
+			inst
+		});
+		return payload;
+	};
+});
 const $ZodUnknown = /*@__PURE__*/ $constructor("$ZodUnknown", (inst, def) => {
 	$ZodType.init(inst, def);
 	inst._zod.parse = (payload) => payload;
@@ -8961,6 +8979,13 @@ function _boolean(Class, params) {
 	});
 }
 // @__NO_SIDE_EFFECTS__
+function _null$1(Class, params) {
+	return new Class({
+		type: "null",
+		...normalizeParams(params)
+	});
+}
+// @__NO_SIDE_EFFECTS__
 function _unknown(Class) {
 	return new Class({ type: "unknown" });
 }
@@ -9183,7 +9208,7 @@ function initializeContext(params) {
 		external: params?.external ?? void 0
 	};
 }
-function process$1(schema, ctx, _params = {
+function process$2(schema, ctx, _params = {
 	path: [],
 	schemaPath: []
 }) {
@@ -9220,7 +9245,7 @@ function process$1(schema, ctx, _params = {
 		const parent = schema._zod.parent;
 		if (parent) {
 			if (!result.ref) result.ref = parent;
-			process$1(parent, ctx, params);
+			process$2(parent, ctx, params);
 			ctx.seen.get(parent).isParent = true;
 		}
 	}
@@ -9440,7 +9465,7 @@ const createToJSONSchemaMethod = (schema, processors = {}) => (params) => {
 		...params,
 		processors
 	});
-	process$1(schema, ctx);
+	process$2(schema, ctx);
 	extractDefs(ctx, schema);
 	return finalize(ctx, schema);
 };
@@ -9452,7 +9477,7 @@ const createStandardJSONSchemaMethod = (schema, io, processors = {}) => (params)
 		io,
 		processors
 	});
-	process$1(schema, ctx);
+	process$2(schema, ctx);
 	extractDefs(ctx, schema);
 	return finalize(ctx, schema);
 };
@@ -9509,6 +9534,13 @@ const numberProcessor = (schema, ctx, _json, _params) => {
 const booleanProcessor = (_schema, _ctx, json, _params) => {
 	json.type = "boolean";
 };
+const nullProcessor = (_schema, ctx, json, _params) => {
+	if (ctx.target === "openapi-3.0") {
+		json.type = "string";
+		json.nullable = true;
+		json.enum = [null];
+	} else json.type = "null";
+};
 const neverProcessor = (_schema, _ctx, json, _params) => {
 	json.not = {};
 };
@@ -9532,7 +9564,7 @@ const arrayProcessor = (schema, ctx, _json, params) => {
 	if (typeof minimum === "number") json.minItems = minimum;
 	if (typeof maximum === "number") json.maxItems = maximum;
 	json.type = "array";
-	json.items = process$1(def.element, ctx, {
+	json.items = process$2(def.element, ctx, {
 		...params,
 		path: [...params.path, "items"]
 	});
@@ -9543,7 +9575,7 @@ const objectProcessor = (schema, ctx, _json, params) => {
 	json.type = "object";
 	json.properties = {};
 	const shape = def.shape;
-	for (const key in shape) json.properties[key] = process$1(shape[key], ctx, {
+	for (const key in shape) json.properties[key] = process$2(shape[key], ctx, {
 		...params,
 		path: [
 			...params.path,
@@ -9561,7 +9593,7 @@ const objectProcessor = (schema, ctx, _json, params) => {
 	if (def.catchall?._zod.def.type === "never") json.additionalProperties = false;
 	else if (!def.catchall) {
 		if (ctx.io === "output") json.additionalProperties = false;
-	} else if (def.catchall) json.additionalProperties = process$1(def.catchall, ctx, {
+	} else if (def.catchall) json.additionalProperties = process$2(def.catchall, ctx, {
 		...params,
 		path: [...params.path, "additionalProperties"]
 	});
@@ -9569,7 +9601,7 @@ const objectProcessor = (schema, ctx, _json, params) => {
 const unionProcessor = (schema, ctx, json, params) => {
 	const def = schema._zod.def;
 	const isExclusive = def.inclusive === false;
-	const options = def.options.map((x, i) => process$1(x, ctx, {
+	const options = def.options.map((x, i) => process$2(x, ctx, {
 		...params,
 		path: [
 			...params.path,
@@ -9582,7 +9614,7 @@ const unionProcessor = (schema, ctx, json, params) => {
 };
 const intersectionProcessor = (schema, ctx, json, params) => {
 	const def = schema._zod.def;
-	const a = process$1(def.left, ctx, {
+	const a = process$2(def.left, ctx, {
 		...params,
 		path: [
 			...params.path,
@@ -9590,7 +9622,7 @@ const intersectionProcessor = (schema, ctx, json, params) => {
 			0
 		]
 	});
-	const b = process$1(def.right, ctx, {
+	const b = process$2(def.right, ctx, {
 		...params,
 		path: [
 			...params.path,
@@ -9608,7 +9640,7 @@ const recordProcessor = (schema, ctx, _json, params) => {
 	const keyType = def.keyType;
 	const patterns = keyType._zod.bag?.patterns;
 	if (def.mode === "loose" && patterns && patterns.size > 0) {
-		const valueSchema = process$1(def.valueType, ctx, {
+		const valueSchema = process$2(def.valueType, ctx, {
 			...params,
 			path: [
 				...params.path,
@@ -9619,11 +9651,11 @@ const recordProcessor = (schema, ctx, _json, params) => {
 		json.patternProperties = {};
 		for (const pattern of patterns) json.patternProperties[pattern.source] = valueSchema;
 	} else {
-		if (ctx.target === "draft-07" || ctx.target === "draft-2020-12") json.propertyNames = process$1(def.keyType, ctx, {
+		if (ctx.target === "draft-07" || ctx.target === "draft-2020-12") json.propertyNames = process$2(def.keyType, ctx, {
 			...params,
 			path: [...params.path, "propertyNames"]
 		});
-		json.additionalProperties = process$1(def.valueType, ctx, {
+		json.additionalProperties = process$2(def.valueType, ctx, {
 			...params,
 			path: [...params.path, "additionalProperties"]
 		});
@@ -9636,7 +9668,7 @@ const recordProcessor = (schema, ctx, _json, params) => {
 };
 const nullableProcessor = (schema, ctx, json, params) => {
 	const def = schema._zod.def;
-	const inner = process$1(def.innerType, ctx, params);
+	const inner = process$2(def.innerType, ctx, params);
 	const seen = ctx.seen.get(schema);
 	if (ctx.target === "openapi-3.0") {
 		seen.ref = def.innerType;
@@ -9645,27 +9677,27 @@ const nullableProcessor = (schema, ctx, json, params) => {
 };
 const nonoptionalProcessor = (schema, ctx, _json, params) => {
 	const def = schema._zod.def;
-	process$1(def.innerType, ctx, params);
+	process$2(def.innerType, ctx, params);
 	const seen = ctx.seen.get(schema);
 	seen.ref = def.innerType;
 };
 const defaultProcessor = (schema, ctx, json, params) => {
 	const def = schema._zod.def;
-	process$1(def.innerType, ctx, params);
+	process$2(def.innerType, ctx, params);
 	const seen = ctx.seen.get(schema);
 	seen.ref = def.innerType;
 	json.default = JSON.parse(JSON.stringify(def.defaultValue));
 };
 const prefaultProcessor = (schema, ctx, json, params) => {
 	const def = schema._zod.def;
-	process$1(def.innerType, ctx, params);
+	process$2(def.innerType, ctx, params);
 	const seen = ctx.seen.get(schema);
 	seen.ref = def.innerType;
 	if (ctx.io === "input") json._prefault = JSON.parse(JSON.stringify(def.defaultValue));
 };
 const catchProcessor = (schema, ctx, json, params) => {
 	const def = schema._zod.def;
-	process$1(def.innerType, ctx, params);
+	process$2(def.innerType, ctx, params);
 	const seen = ctx.seen.get(schema);
 	seen.ref = def.innerType;
 	let catchValue;
@@ -9680,20 +9712,20 @@ const pipeProcessor = (schema, ctx, _json, params) => {
 	const def = schema._zod.def;
 	const inIsTransform = def.in._zod.traits.has("$ZodTransform");
 	const innerType = ctx.io === "input" ? inIsTransform ? def.out : def.in : def.out;
-	process$1(innerType, ctx, params);
+	process$2(innerType, ctx, params);
 	const seen = ctx.seen.get(schema);
 	seen.ref = innerType;
 };
 const readonlyProcessor = (schema, ctx, json, params) => {
 	const def = schema._zod.def;
-	process$1(def.innerType, ctx, params);
+	process$2(def.innerType, ctx, params);
 	const seen = ctx.seen.get(schema);
 	seen.ref = def.innerType;
 	json.readOnly = true;
 };
 const optionalProcessor = (schema, ctx, _json, params) => {
 	const def = schema._zod.def;
-	process$1(def.innerType, ctx, params);
+	process$2(def.innerType, ctx, params);
 	const seen = ctx.seen.get(schema);
 	seen.ref = def.innerType;
 };
@@ -10178,6 +10210,14 @@ const ZodBoolean = /*@__PURE__*/ $constructor("ZodBoolean", (inst, def) => {
 function boolean(params) {
 	return /* @__PURE__ */ _boolean(ZodBoolean, params);
 }
+const ZodNull = /*@__PURE__*/ $constructor("ZodNull", (inst, def) => {
+	$ZodNull.init(inst, def);
+	ZodType.init(inst, def);
+	inst._zod.processJSONSchema = (ctx, json, params) => nullProcessor(inst, ctx, json, params);
+});
+function _null(params) {
+	return /* @__PURE__ */ _null$1(ZodNull, params);
+}
 const ZodUnknown = /*@__PURE__*/ $constructor("ZodUnknown", (inst, def) => {
 	$ZodUnknown.init(inst, def);
 	ZodType.init(inst, def);
@@ -10541,6 +10581,7 @@ function superRefine(fn, params) {
 }
 //#endregion
 //#region src/config-schema.ts
+const OPENROUTER_API_URL = "https://openrouter.ai/api";
 const percentileCutoffsSchema = object({
 	p50: number$1().positive().optional(),
 	p75: number$1().positive().optional(),
@@ -10580,15 +10621,23 @@ const providerConfigSchema = object({
 	preferredMinThroughput: union([number$1().positive(), percentileCutoffsSchema]).optional(),
 	preferredMaxLatency: union([number$1().positive(), percentileCutoffsSchema]).optional()
 }).strict();
+const triStateSchema = _enum([
+	"auto",
+	"always",
+	"never"
+]);
 const modelOverrideSchema = object({
 	provider: providerConfigSchema.optional(),
-	headers: record(string$1(), string$1()).optional()
+	headers: record(string$1(), string$1()).optional(),
+	cacheControl: triStateSchema.optional(),
+	cacheControlTtl: union([_enum(["5m", "1h"]), _null()]).optional(),
+	sessionId: triStateSchema.optional()
 }).strict();
 const proxyConfigSchema = object({
 	host: string$1().min(1).default("0.0.0.0"),
 	port: number$1().int().min(1).max(65535).default(8828),
 	openrouterKey: string$1().default(""),
-	openrouterBaseUrl: string$1().url().default("https://openrouter.ai/api/v1"),
+	openrouterBaseUrl: string$1().url().default(OPENROUTER_API_URL),
 	openrouterDataUrl: string$1().url().optional(),
 	authType: _enum(["bearer", "oauth"]).default("bearer"),
 	verbose: boolean().default(false),
@@ -10597,6 +10646,9 @@ const proxyConfigSchema = object({
 	attributionReferer: string$1().min(1).default("https://github.com/neiromaster/proxitor"),
 	attributionTitle: string$1().min(1).default("proxitor"),
 	headers: record(string$1(), string$1()).optional(),
+	cacheControl: triStateSchema.default("auto"),
+	cacheControlTtl: _enum(["5m", "1h"]).optional(),
+	sessionId: triStateSchema.default("auto"),
 	modelOverrides: record(string$1().min(1), modelOverrideSchema).optional()
 }).strict();
 const DEFAULTS = proxyConfigSchema.parse({});
@@ -10628,15 +10680,6 @@ function toArray(value) {
 	const arr = Array.isArray(value) ? [...value] : [value];
 	return arr.length > 0 ? arr : void 0;
 }
-/** Try to parse an ArrayBuffer as JSON. Returns undefined on failure or empty body. */
-function tryParseBody(raw) {
-	if (raw.byteLength === 0) return void 0;
-	try {
-		return JSON.parse(new TextDecoder().decode(raw));
-	} catch {
-		return;
-	}
-}
 //#endregion
 //#region src/config.ts
 const ARRAY_FIELDS = [
@@ -10716,27 +10759,48 @@ function matchScore(pattern, modelName) {
 function resolveModelConfig(config, modelName) {
 	const result = {
 		provider: config.provider,
-		headers: config.headers ? { ...config.headers } : void 0
+		headers: config.headers ? { ...config.headers } : void 0,
+		cacheControl: config.cacheControl,
+		cacheControlTtl: config.cacheControlTtl,
+		sessionId: config.sessionId
 	};
 	if (!modelName || !config.modelOverrides) return result;
+	const bestPattern = findBestMatch(Object.keys(config.modelOverrides), modelName);
+	if (bestPattern) applyOverride(result, config.modelOverrides[bestPattern]);
+	return result;
+}
+function findBestMatch(patterns, modelName) {
 	let bestPattern = null;
 	let bestScore = -1;
-	for (const pattern of Object.keys(config.modelOverrides)) {
+	for (const pattern of patterns) {
 		const score = matchScore(pattern, modelName);
 		if (score > bestScore) {
 			bestScore = score;
 			bestPattern = pattern;
 		}
 	}
-	if (bestPattern) {
-		const override = config.modelOverrides[bestPattern];
-		if (override?.provider !== void 0) result.provider = override.provider;
-		if (override?.headers) result.headers = {
-			...result.headers ?? {},
-			...override.headers
-		};
-	}
-	return result;
+	return bestPattern;
+}
+function applyOverride(result, override) {
+	if (!override) return;
+	if (override.provider !== void 0) result.provider = override.provider;
+	if (override.headers) result.headers = {
+		...result.headers ?? {},
+		...override.headers
+	};
+	if (override.cacheControl !== void 0) result.cacheControl = override.cacheControl;
+	if (override.cacheControlTtl === null) result.cacheControlTtl = void 0;
+	else if (override.cacheControlTtl !== void 0) result.cacheControlTtl = override.cacheControlTtl;
+	if (override.sessionId !== void 0) result.sessionId = override.sessionId;
+}
+/**
+* Throw if a URL ends with /v1 — a common misconfiguration after the URL routing change.
+* Paths like /v1/chat/completions are now forwarded as-is, so including /v1 in the base
+* URL would produce doubled paths like /v1/v1/chat/completions.
+*/
+function throwIfV1Suffix(url, field) {
+	const { pathname } = new URL(url);
+	if (pathname.endsWith("/v1") || pathname.endsWith("/v1/")) throw new Error(`${field} "${url}" ends with /v1 — paths are now forwarded as-is, so this would produce doubled paths like /v1/v1/chat/completions. Remove the /v1 suffix (use "${url.replace(/\/v1\/?$/, "")}")`);
 }
 async function loadConfig(options) {
 	let fileConfig = {};
@@ -10756,6 +10820,8 @@ async function loadConfig(options) {
 	const result = proxyConfigSchema.safeParse(merged);
 	if (!result.success) throw new ConfigValidationError("(merged config)", result.error);
 	if (!result.data.openrouterKey) throw new Error("OpenRouter API key is required. Set OPENROUTER_API_KEY env var, pass --openrouter-key flag, or set it in config file.");
+	throwIfV1Suffix(result.data.openrouterBaseUrl, "openrouterBaseUrl");
+	if (result.data.openrouterDataUrl) throwIfV1Suffix(result.data.openrouterDataUrl, "openrouterDataUrl");
 	return result.data;
 }
 function getXdgConfigDir() {
@@ -11648,9 +11714,9 @@ function stringWidth$1(string, options = {}) {
 	return width;
 }
 function isUnicodeSupported() {
-	const { env } = V;
+	const { env } = process$1;
 	const { TERM, TERM_PROGRAM } = env;
-	if (V.platform !== "win32") return TERM !== "linux";
+	if (process$1.platform !== "win32") return TERM !== "linux";
 	return Boolean(env.WT_SESSION) || Boolean(env.TERMINUS_SUBLIME) || env.ConEmuTask === "{cmd::Cmder}" || TERM_PROGRAM === "Terminus-Sublime" || TERM_PROGRAM === "vscode" || TERM === "xterm-256color" || TERM === "alacritty" || TERM === "rxvt-unicode" || TERM === "rxvt-unicode-256color" || env.TERMINAL_EMULATOR === "JetBrains-JediTerm";
 }
 const TYPE_COLOR_MAP = {
@@ -11810,7 +11876,7 @@ var OpenRouterClient = class {
 };
 //#endregion
 //#region src/openrouter/data-client.ts
-const OPENROUTER_FALLBACK_URL = "https://openrouter.ai/api/v1";
+const OPENROUTER_FALLBACK_URL = OPENROUTER_API_URL;
 function isValidProvidersResponse(data) {
 	return typeof data === "object" && data !== null && "data" in data && Array.isArray(data.data);
 }
@@ -11824,7 +11890,7 @@ function isValidEndpointsResponse(data) {
 * Client for fetching provider/model data with automatic fallback to OpenRouter.
 *
 * When the primary API (openrouterDataUrl or openrouterBaseUrl) doesn't support
-* OpenRouter-specific data endpoints, falls back to https://openrouter.ai/api/v1
+* OpenRouter-specific data endpoints, falls back to https://openrouter.ai/api
 * which hosts public, unauthenticated endpoints for /providers, /models, etc.
 */
 var OpenRouterDataClient = class {
@@ -11840,13 +11906,13 @@ var OpenRouterDataClient = class {
 		this.onFallback = config.onFallback;
 	}
 	async fetchProviders() {
-		return (await this.withFallback("/providers", () => this.primaryClient.get("/providers"), isValidProvidersResponse)).data.data;
+		return (await this.withFallback("/v1/providers", () => this.primaryClient.get("/v1/providers"), isValidProvidersResponse)).data.data;
 	}
 	async fetchModels() {
-		return (await this.withFallback("/models", () => this.primaryClient.get("/models"), isValidModelsResponse)).data.data;
+		return (await this.withFallback("/v1/models", () => this.primaryClient.get("/v1/models"), isValidModelsResponse)).data.data;
 	}
 	async fetchModelEndpoints(author, slug) {
-		const path = `/models/${author}/${slug}/endpoints`;
+		const path = `/v1/models/${author}/${slug}/endpoints`;
 		return (await this.withFallback(path, () => this.primaryClient.get(path), isValidEndpointsResponse)).data.data.endpoints ?? [];
 	}
 	/**
@@ -12849,7 +12915,7 @@ var compose = (middleware, onError, onNotFound) => {
 var GET_MATCH_RESULT = /* @__PURE__ */ Symbol();
 //#endregion
 //#region node_modules/.pnpm/hono@4.12.23/node_modules/hono/dist/utils/body.js
-var parseBody = async (request, options = /* @__PURE__ */ Object.create(null)) => {
+var parseBody$1 = async (request, options = /* @__PURE__ */ Object.create(null)) => {
 	const { all = false, dot = false } = options;
 	const contentType = (request instanceof HonoRequest ? request.raw.headers : request.headers).get("Content-Type");
 	if (contentType?.startsWith("multipart/form-data") || contentType?.startsWith("application/x-www-form-urlencoded")) return parseFormData(request, {
@@ -13136,7 +13202,7 @@ var HonoRequest = class {
 		return headerData;
 	}
 	async parseBody(options) {
-		return parseBody(this, options);
+		return parseBody$1(this, options);
 	}
 	#cachedBody = (key) => {
 		const { bodyCache, raw } = this;
@@ -14590,6 +14656,9 @@ var Hono = class extends Hono$1 {
 	}
 };
 //#endregion
+//#region node_modules/.pnpm/hono@4.12.23/node_modules/hono/dist/helper/factory/index.js
+var createMiddleware = (middleware) => middleware;
+//#endregion
 //#region src/proxy/headers.ts
 const HOP_BY_HOP = new Set([
 	"connection",
@@ -14606,7 +14675,9 @@ const STRIP_REQUEST = new Set([
 	"authorization",
 	"x-api-key",
 	"host",
-	"content-length"
+	"content-length",
+	"x-claude-code-session-id",
+	"x-session-id"
 ]);
 /** Headers to strip from upstream response before forwarding */
 const STRIP_RESPONSE = new Set(["content-length", "content-encoding"]);
@@ -14621,17 +14692,6 @@ function filterHeaders(incoming, blocklist) {
 	}
 	return headers;
 }
-/** Build request headers for upstream fetch */
-function buildRequestHeaders(incoming, config, inject, extraHeaders) {
-	const headers = filterHeaders(incoming, STRIP_REQUEST);
-	headers.Authorization = formatAuthHeader(config.openrouterKey, config.authType);
-	headers["HTTP-Referer"] = config.attributionReferer;
-	headers["X-OpenRouter-Title"] = config.attributionTitle;
-	headers["Accept-Encoding"] = "identity";
-	if (extraHeaders) Object.assign(headers, extraHeaders);
-	if (inject) headers["Content-Type"] = "application/json";
-	return headers;
-}
 /** Filter response headers and add SSE-friendly defaults */
 function buildResponseHeaders(from) {
 	const headers = filterHeaders(from, STRIP_RESPONSE);
@@ -14640,6 +14700,49 @@ function buildResponseHeaders(from) {
 	return headers;
 }
 //#endregion
+//#region src/proxy/middleware/build-upstream-req.ts
+const PROTO_POLLUTION_KEYS = new Set([
+	"__proto__",
+	"constructor",
+	"prototype"
+]);
+function resolveForwardBody(c) {
+	if (c.var.bodyMutated && c.var.parsedBody) try {
+		return new TextEncoder().encode(JSON.stringify(c.var.parsedBody)).buffer;
+	} catch (err) {
+		logger.warn(withReq(c.var.reqId, `Failed to re-serialize mutated body (${err instanceof Error ? err.message : "unknown"}); forwarding raw body as-is`));
+		return c.var.rawBody;
+	}
+	return c.var.rawBody;
+}
+function applyProxyHeaders(headers, config) {
+	headers.Authorization = formatAuthHeader(config.openrouterKey, config.authType);
+	headers["HTTP-Referer"] = config.attributionReferer;
+	headers["X-OpenRouter-Title"] = config.attributionTitle;
+	headers["Accept-Encoding"] = "identity";
+}
+function applyExtraHeaders(headers, extraHeaders) {
+	if (!extraHeaders) return;
+	for (const [key, value] of Object.entries(extraHeaders)) {
+		if (PROTO_POLLUTION_KEYS.has(key)) continue;
+		headers[key] = value;
+	}
+}
+function forceJsonContentType(headers) {
+	for (const key of Object.keys(headers)) if (key.toLowerCase() === "content-type") delete headers[key];
+	headers["Content-Type"] = "application/json";
+}
+const buildUpstreamReq = createMiddleware(async (c, next) => {
+	c.set("forwardBody", resolveForwardBody(c));
+	const headers = filterHeaders(c.req.raw.headers, STRIP_REQUEST);
+	applyProxyHeaders(headers, c.var.config);
+	applyExtraHeaders(headers, c.var.resolvedConfig.headers);
+	if (c.var.effectiveSessionId !== void 0) headers["x-session-id"] = c.var.effectiveSessionId;
+	if (c.var.bodyMutated) forceJsonContentType(headers);
+	c.set("upstreamHeaders", headers);
+	await next();
+});
+//#endregion
 //#region src/proxy/cache-logging.ts
 function extractCacheUsage(bodyText) {
 	try {
@@ -14754,130 +14857,10 @@ function buildUpstreamResponseWithLogging(upstream, method, reqId) {
 	});
 }
 //#endregion
-//#region src/proxy/inject.ts
-/** Extract the model name from a raw request body. Returns undefined if not parseable or absent. */
-function extractModel(rawBody) {
-	const json = tryParseBody(rawBody);
-	return typeof json?.model === "string" ? json.model : void 0;
-}
-/** Inject provider routing into request body, always overwriting existing value */
-function injectProvider(rawBody, providerRouting) {
-	if (rawBody.byteLength === 0) throw new Error("Request body is empty; cannot inject provider");
-	let json;
-	try {
-		json = JSON.parse(new TextDecoder().decode(rawBody));
-	} catch (parseError) {
-		throw new Error("Request body is not valid JSON; cannot inject provider", { cause: parseError });
-	}
-	const modified = {
-		...json,
-		provider: providerRouting
-	};
-	return new TextEncoder().encode(JSON.stringify(modified)).buffer;
-}
-//#endregion
-//#region src/proxy/paths.ts
+//#region src/proxy/utils/error.ts
 /**
-* Paths where provider routing is injected into the request body.
-* All three are OpenRouter-supported endpoints:
-*   /v1/chat/completions — OpenAI Chat Completions
-*   /v1/responses        — OpenAI Responses API
-*   /v1/messages         — Anthropic Messages API
-*/
-const INJECT_PATHS = new Set([
-	"/v1/chat/completions",
-	"/v1/responses",
-	"/v1/messages"
-]);
-/** Check if this request should have provider routing injected */
-function shouldInject(method, path) {
-	return method === "POST" && INJECT_PATHS.has(path);
-}
-/** Strip /v1 prefix from path: /v1/chat/completions → /chat/completions */
-function toUpstreamPath(pathname) {
-	if (pathname.startsWith("/v1")) return pathname.slice(3);
-	return pathname;
-}
-/** Build full upstream URL from request and config */
-function buildUpstreamUrl(requestUrl, config) {
-	const { pathname } = new URL(requestUrl);
-	return `${config.openrouterBaseUrl}${toUpstreamPath(pathname)}`;
-}
-//#endregion
-//#region src/proxy.ts
-function readRequestBody(method, raw, inject, providerRouting) {
-	if (["GET", "HEAD"].includes(method)) return void 0;
-	if (inject) return injectProvider(raw, providerRouting);
-	return raw.byteLength > 0 ? raw : void 0;
-}
-async function fetchUpstream(url, method, headers, body, signal) {
-	return fetch(url, {
-		method,
-		headers,
-		body,
-		signal,
-		duplex: body ? "half" : void 0
-	});
-}
-async function readRawBody(request, reqId) {
-	try {
-		return {
-			ok: true,
-			body: await request.arrayBuffer()
-		};
-	} catch (err) {
-		const message = err instanceof Error ? err.message : "Failed to read request body";
-		logger.error(withReq(reqId, message));
-		return {
-			ok: false,
-			response: Response.json({ error: {
-				message,
-				type: "proxy_request_error"
-			} }, { status: 400 })
-		};
-	}
-}
-function resolveRequest(rawBody, config, method, path, reqId) {
-	const modelName = extractModel(rawBody);
-	const resolved = resolveModelConfig(config, modelName);
-	const providerRouting = buildProviderRouting(resolved.provider);
-	const inject = shouldInject(method, path) && providerRouting !== void 0;
-	let body;
-	try {
-		body = readRequestBody(method, rawBody, inject, providerRouting);
-	} catch (err) {
-		const message = err instanceof Error ? err.message : "Failed to process request body";
-		logger.error(withReq(reqId, message));
-		return {
-			inject,
-			body: void 0,
-			modelName,
-			headers: resolved.headers,
-			error: new Response(JSON.stringify({ error: {
-				message,
-				type: "proxy_request_error"
-			} }), {
-				status: 400,
-				headers: { "Content-Type": "application/json" }
-			})
-		};
-	}
-	return {
-		inject,
-		body,
-		modelName,
-		headers: resolved.headers
-	};
-}
-/**
-* Extract a readable error detail from an upstream response body.
-*
 * OpenRouter error format:
-*   { error: { code: 400, message: "...", metadata: { raw: "...", provider_name: "..." } } }
-*
-* - `error.message` — human-readable summary
-* - `error.metadata.provider_name` — which provider caused it (null = OpenRouter itself)
-* - `error.metadata.raw` — the original provider error (most specific cause)
+*   { error: { code, message, metadata: { raw, provider_name } } }
 */
 function formatMetadata(meta) {
 	const parts = [];
@@ -14904,41 +14887,315 @@ function extractErrorDetail(bodyText) {
 	} catch {}
 	return bodyText;
 }
-async function executeUpstream(upstreamUrl, method, headers, body, signal, path, startedAt, reqId) {
-	let upstream;
-	try {
-		upstream = await fetchUpstream(upstreamUrl, method, headers, body, signal);
-	} catch (err) {
-		if (err instanceof DOMException && err.name === "AbortError") {
-			logger.warn(withReq(reqId, `Aborted: ${method} ${path}`));
-			return new Response(null, { status: 499 });
-		}
-		logger.error(withReq(reqId, "Upstream fetch error:"), err);
+//#endregion
+//#region src/proxy/middleware/forward-request.ts
+function buildErrorResponse(err, ctx) {
+	if (err instanceof TypeError) {
+		logger.error(withReq(ctx.reqId, "Upstream fetch error:"), err);
 		return Response.json({ error: {
 			message: "Proxy failed to reach upstream",
 			type: "proxy_upstream_error"
 		} }, { status: 502 });
 	}
-	if (upstream.status >= 400) {
-		const bodyText = await upstream.text();
-		const detail = extractErrorDetail(bodyText);
-		const truncated = detail.length > 300 ? `${detail.slice(0, 300)}…` : detail;
-		(upstream.status >= 500 ? logger.error : logger.warn)(withReq(reqId, `${method} ${path} ← ${upstream.status} (${Date.now() - startedAt}ms): ${truncated}`));
-		const responseHeaders = buildResponseHeaders(upstream.headers);
-		if (method === "HEAD") return new Response(null, {
-			status: upstream.status,
-			headers: responseHeaders
-		});
-		return new Response(bodyText, {
-			status: upstream.status,
-			headers: responseHeaders
+	if (err instanceof DOMException && err.name === "AbortError") {
+		logger.warn(withReq(ctx.reqId, `Aborted: ${ctx.method} ${ctx.path}`));
+		return new Response(null, { status: 499 });
+	}
+	throw err;
+}
+async function buildUpstreamErrorResponse(upstream, ctx) {
+	const bodyText = await upstream.text();
+	const detail = extractErrorDetail(bodyText);
+	const truncated = detail.length > 300 ? `${detail.slice(0, 300)}…` : detail;
+	(upstream.status >= 500 ? logger.error : logger.warn)(withReq(ctx.reqId, `${ctx.method} ${ctx.path} ← ${upstream.status} (${Date.now() - ctx.startedAt}ms): ${truncated}`));
+	const responseHeaders = buildResponseHeaders(upstream.headers);
+	if (ctx.method === "HEAD") return new Response(null, {
+		status: upstream.status,
+		headers: responseHeaders
+	});
+	return new Response(bodyText, {
+		status: upstream.status,
+		headers: responseHeaders
+	});
+}
+const forwardRequest = createMiddleware(async (c) => {
+	const { upstreamUrl, forwardBody, upstreamHeaders, reqId, path, startedAt, method } = c.var;
+	const ctx = {
+		reqId,
+		method,
+		path,
+		startedAt,
+		upstreamShort: upstreamUrl.replace(/^https?:\/\//, ""),
+		modelLog: c.var.modelName ? ` model=${c.var.modelName}` : "",
+		bodyMutated: c.var.bodyMutated
+	};
+	const controller = new AbortController();
+	const onClientAbort = () => controller.abort();
+	c.req.raw.signal.addEventListener("abort", onClientAbort);
+	logger.info(withReq(reqId, `${method} ${path} → ${ctx.upstreamShort}${ctx.bodyMutated ? " [inject]" : ""}${ctx.modelLog}`));
+	let upstream;
+	try {
+		upstream = await fetch(upstreamUrl, {
+			method,
+			headers: upstreamHeaders,
+			body: forwardBody,
+			signal: controller.signal,
+			...forwardBody ? { duplex: "half" } : {}
 		});
+	} catch (err) {
+		return buildErrorResponse(err, ctx);
+	} finally {
+		c.req.raw.signal.removeEventListener("abort", onClientAbort);
 	}
+	if (upstream.status >= 400) return buildUpstreamErrorResponse(upstream, ctx);
 	logger.info(withReq(reqId, `${method} ${path} ← ${upstream.status} (${Date.now() - startedAt}ms)`));
 	return buildUpstreamResponseWithLogging(upstream, method, reqId);
+});
+//#endregion
+//#region src/proxy/paths.ts
+const ENDPOINT_MAP = {
+	"/v1/chat/completions": "chat-completions",
+	"/v1/responses": "responses",
+	"/v1/messages": "messages"
+};
+const INJECT_PATHS = new Set(Object.keys(ENDPOINT_MAP));
+/** Endpoints that are natively Anthropic (cache_control is always safe regardless of model). */
+const ANTHROPIC_NATIVE_ENDPOINTS = new Set(["messages", "responses"]);
+function classifyEndpoint(pathname) {
+	return ENDPOINT_MAP[pathname] ?? "other";
+}
+function buildUpstreamUrl(pathname, config) {
+	return `${config.openrouterBaseUrl}${pathname}`;
+}
+//#endregion
+//#region src/proxy/utils/model.ts
+function isAnthropicModel(modelName) {
+	const lower = modelName.toLowerCase();
+	return lower.startsWith("anthropic/claude") || lower.startsWith("claude-");
+}
+//#endregion
+//#region src/proxy/utils/cache-control.ts
+function isAnthropicEndpoint(modelName, path) {
+	const endpoint = classifyEndpoint(path);
+	return ANTHROPIC_NATIVE_ENDPOINTS.has(endpoint) || isAnthropicModel(modelName ?? "");
 }
+function shouldInjectCacheControl(mode, modelName, path) {
+	if (mode === "never") return false;
+	if (mode === "always") return true;
+	return isAnthropicEndpoint(modelName, path);
+}
+const TTL_SECONDS = {
+	"5m": 300,
+	"1h": 3600
+};
+/**
+* Build cache_control value for injection.
+* Merges existing cache_control with configured TTL.
+* If TTL is configured and the endpoint is Anthropic, it always overrides.
+*/
+function buildCacheControl(existing, ttl, isAnthropic) {
+	const result = existing !== null && typeof existing === "object" && !Array.isArray(existing) ? { ...existing } : { type: "ephemeral" };
+	if (!("type" in result)) result.type = "ephemeral";
+	if (ttl && isAnthropic) result.ttl = TTL_SECONDS[ttl];
+	return result;
+}
+//#endregion
+//#region src/proxy/middleware/inject-cache-control.ts
+const injectCacheControl = createMiddleware(async (c, next) => {
+	const resolved = c.var.resolvedConfig;
+	const parsedBody = c.var.parsedBody;
+	if (!parsedBody) {
+		await next();
+		return;
+	}
+	if (shouldInjectCacheControl(resolved.cacheControl, c.var.modelName, c.var.path)) {
+		const isAnthropic = isAnthropicEndpoint(c.var.modelName, c.var.path);
+		parsedBody.cache_control = buildCacheControl(parsedBody.cache_control, resolved.cacheControlTtl, isAnthropic);
+		c.set("bodyMutated", true);
+	}
+	await next();
+});
+//#endregion
+//#region src/proxy/middleware/inject-provider.ts
+const injectProvider = createMiddleware(async (c, next) => {
+	const resolved = c.var.resolvedConfig;
+	const parsedBody = c.var.parsedBody;
+	if (!parsedBody || !resolved.provider) {
+		await next();
+		return;
+	}
+	const providerRouting = buildProviderRouting(resolved.provider);
+	if (providerRouting !== void 0) {
+		parsedBody.provider = providerRouting;
+		c.set("parsedBody", parsedBody);
+		c.set("bodyMutated", true);
+	}
+	await next();
+});
+//#endregion
+//#region src/proxy/utils/session-id.ts
+const PROXY_SESSION_ID = crypto.randomUUID();
+function extractConversationFingerprint(parsedBody, path) {
+	let system;
+	let user;
+	switch (classifyEndpoint(path)) {
+		case "responses":
+			system = parsedBody.instructions;
+			user = parsedBody.input;
+			break;
+		case "messages": {
+			system = parsedBody.system;
+			const messages = parsedBody.messages;
+			if (Array.isArray(messages)) user = messages.find((m) => m.role === "user" && m.content != null)?.content;
+			break;
+		}
+		default: {
+			const messages = parsedBody.messages;
+			if (Array.isArray(messages)) {
+				const firstSystem = messages.find((m) => (m.role === "system" || m.role === "developer") && m.content != null);
+				const firstUser = messages.find((m) => m.role === "user" && m.content != null);
+				system = firstSystem?.content;
+				user = firstUser?.content;
+			}
+		}
+	}
+	if (system == null && user == null) return null;
+	const safeStringify = (value) => {
+		try {
+			return JSON.stringify(value);
+		} catch {
+			return "";
+		}
+	};
+	const hash = createHash("sha256");
+	hash.update(String(parsedBody.model ?? ""));
+	if (system != null) hash.update(safeStringify(system));
+	if (user != null) hash.update(safeStringify(user));
+	return hash.digest("hex");
+}
+/**
+* Derive session ID for sticky routing from multiple sources:
+*
+* 1. `x-claude-code-session-id` header — Claude Code
+* 2. `session_id` from parsed body — Codex CLI (Responses API)
+* 3. hash(model + system + user) — content-based, per-conversation
+* 4. crypto.randomUUID() — fallback when no content available
+*/
+function deriveSessionId(incomingHeaders, parsedBody, path, mode) {
+	if (mode === "never") return void 0;
+	const fromHeader = incomingHeaders.get("x-claude-code-session-id");
+	if (fromHeader) return fromHeader.slice(0, 256);
+	if (parsedBody && typeof parsedBody.session_id === "string" && parsedBody.session_id.length > 0) return parsedBody.session_id;
+	if (parsedBody) {
+		const fingerprint = extractConversationFingerprint(parsedBody, path);
+		if (fingerprint) return fingerprint;
+	}
+	return PROXY_SESSION_ID;
+}
+//#endregion
+//#region src/proxy/middleware/inject-session-id.ts
+const injectSessionId = createMiddleware(async (c, next) => {
+	const mode = c.var.resolvedConfig.sessionId;
+	const sessionId = deriveSessionId(c.req.raw.headers, c.var.parsedBody, c.var.path, mode);
+	if (sessionId) c.set("effectiveSessionId", sessionId);
+	await next();
+});
+//#endregion
+//#region src/proxy/middleware/parse-body.ts
+const decoder = new TextDecoder();
+const parseBody = createMiddleware(async (c, next) => {
+	const rawBody = c.var.rawBody;
+	if (!rawBody || rawBody.byteLength === 0) {
+		c.set("parsedBody", void 0);
+		c.set("modelName", void 0);
+		await next();
+		return;
+	}
+	try {
+		const json = JSON.parse(decoder.decode(rawBody));
+		c.set("parsedBody", json);
+		c.set("modelName", typeof json.model === "string" ? json.model : void 0);
+	} catch {
+		logger.debug(withReq(c.var.reqId, "Failed to parse request body as JSON — skipping injection"));
+		c.set("parsedBody", void 0);
+		c.set("modelName", void 0);
+	}
+	await next();
+});
+//#endregion
+//#region src/proxy/middleware/read-body.ts
+function parseBodyLimit(limit) {
+	const match = limit.match(/^(\d+)\s*(kb|mb|gb)$/i);
+	if (!match) return Number.MAX_SAFE_INTEGER;
+	const n = parseInt(match[1], 10);
+	switch (match[2].toLowerCase()) {
+		case "kb": return n * 1024;
+		case "mb": return n * 1024 * 1024;
+		case "gb": return n * 1024 * 1024 * 1024;
+		default: return Number.MAX_SAFE_INTEGER;
+	}
+}
+const readBody = createMiddleware(async (c, next) => {
+	const method = c.var.method;
+	if (method === "GET" || method === "HEAD") {
+		c.set("rawBody", void 0);
+		await next();
+		return;
+	}
+	try {
+		const body = await c.req.raw.arrayBuffer();
+		const maxBytes = parseBodyLimit(c.var.config.bodyLimit);
+		if (body.byteLength > maxBytes) return c.json({ error: {
+			message: "Request body too large",
+			type: "proxy_request_error"
+		} }, { status: 413 });
+		c.set("rawBody", body.byteLength > 0 ? body : void 0);
+	} catch (err) {
+		const internalMessage = err instanceof Error ? err.message : "Failed to read request body";
+		logger.error(withReq(c.var.reqId, internalMessage));
+		return c.json({ error: {
+			message: "Failed to read request body",
+			type: "proxy_request_error"
+		} }, { status: 400 });
+	}
+	await next();
+});
+//#endregion
+//#region src/proxy/middleware/resolve-config.ts
+const resolveConfig = createMiddleware(async (c, next) => {
+	const resolved = resolveModelConfig(c.var.config, c.var.modelName);
+	c.set("resolvedConfig", resolved);
+	await next();
+});
+//#endregion
+//#region src/proxy/middleware/setup-request.ts
+const setupRequest = createMiddleware(async (c, next) => {
+	const method = c.req.method;
+	const { pathname, search } = new URL(c.req.url);
+	const path = `${pathname}${search}`;
+	c.set("reqId", requestId());
+	c.set("method", method);
+	c.set("path", path);
+	c.set("upstreamUrl", buildUpstreamUrl(path, c.var.config));
+	c.set("startedAt", Date.now());
+	c.set("bodyMutated", false);
+	await next();
+});
+//#endregion
+//#region src/proxy.ts
+const injectChain = [
+	parseBody,
+	resolveConfig,
+	injectProvider,
+	injectCacheControl,
+	injectSessionId
+];
 function createProxyServer(config, onReady) {
 	const app = new Hono();
+	app.use("*", async (c, next) => {
+		c.set("config", config);
+		await next();
+	});
 	app.get("/health", (c) => {
 		const globalRouting = buildProviderRouting(config.provider);
 		return c.json({
@@ -14948,23 +15205,15 @@ function createProxyServer(config, onReady) {
 			modelOverrides: config.modelOverrides ? Object.keys(config.modelOverrides) : []
 		});
 	});
-	app.all("*", async (c) => {
-		const method = c.req.method;
-		const path = new URL(c.req.url).pathname;
-		const upstreamUrl = buildUpstreamUrl(c.req.url, config);
-		const startedAt = Date.now();
-		const reqId = requestId();
-		const raw = await readRawBody(c.req.raw, reqId);
-		if (!raw.ok) return raw.response;
-		const resolved = resolveRequest(raw.body, config, method, path, reqId);
-		if (resolved.error) return resolved.error;
-		const headers = buildRequestHeaders(c.req.raw.headers, config, resolved.inject, resolved.headers);
-		const controller = new AbortController();
-		c.req.raw.signal.addEventListener("abort", () => controller.abort());
-		const upstreamShort = upstreamUrl.replace(/^https?:\/\//, "");
-		const modelLog = resolved.modelName ? ` model=${resolved.modelName}` : "";
-		logger.info(withReq(reqId, `${method} ${path} → ${upstreamShort}${resolved.inject ? " [inject]" : ""}${modelLog}`));
-		return executeUpstream(upstreamUrl, method, headers, resolved.body, controller.signal, path, startedAt, reqId);
+	for (const path of INJECT_PATHS) app.post(path, setupRequest, readBody, ...injectChain, buildUpstreamReq, forwardRequest);
+	app.all("*", setupRequest, readBody, resolveConfig, buildUpstreamReq, forwardRequest);
+	app.onError((err, c) => {
+		const reqId = c.var.reqId ?? "unknown";
+		logger.error(withReq(String(reqId), `Unhandled error: ${err.message}`));
+		return Response.json({ error: {
+			message: "Internal proxy error",
+			type: "proxy_internal_error"
+		} }, { status: 500 });
 	});
 	return serve({
 		fetch: app.fetch,
@@ -14996,7 +15245,7 @@ function startProxyServer(config, onReady) {
 }
 //#endregion
 //#region src/version.ts
-const version = "0.8.0";
+const version = "0.9.0-beta.1";
 //#endregion
 //#region src/cli.ts
 const argv = process.argv.slice(2);
@@ -15097,8 +15346,8 @@ const withClient = (fn) => async (args) => {
 			authType: cfg.authType,
 			onFallback: (path) => {
 				let endpoint;
-				if (path === "/providers") endpoint = "providers";
-				else if (path === "/models") endpoint = "models";
+				if (path === "/v1/providers") endpoint = "providers";
+				else if (path === "/v1/models") endpoint = "models";
 				else endpoint = "model providers";
 				logger.warn(`Custom API did not return ${endpoint}, using OpenRouter data as fallback`);
 			}