docs: add kiro oauth-model-alias examples for Claude model name compatibility#28
Closed
hpylsy wants to merge 177 commits into
Closed
docs: add kiro oauth-model-alias examples for Claude model name compatibility#28hpylsy wants to merge 177 commits into
hpylsy wants to merge 177 commits into
Conversation
- Simplify project ID selection to always use the backend project ID returned by Gemini onboarding - Update Gemini CLI version from 0.31.0 to 0.34.0 - Add 'terminal' to User-Agent string for better client identification Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ment Both branches assign finalProjectID = responseProjectID, so move the assignment outside the conditional and keep only the logging inside.
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
After a Codex CLI compact, the client sends a full conversation
transcript (with compaction items or assistant messages) as input.
Previously, normalizeResponseSubsequentRequest() unconditionally
merged this with stale lastRequest/lastResponseOutput, breaking
function_call/function_call_output pairings and causing 400 errors
("No tool output found for function call").
Add inputContainsFullTranscript() heuristic that detects compaction
items (type=compaction/compaction_summary) or assistant messages in
the input array, and bypasses the merge when a full transcript is
present.
Fixes router-for-me#2207
Custom headers configured under openai-compatibility (and any other provider passing through applyCustomHeaders) were silently dropped for the Host key, because Go's net/http reads the wire Host from req.Host, not req.Header["Host"]. As a result, virtual-host routed upstreams (e.g. LiteLLM behind an ingress) saw the base-url's host instead of the user-configured override and returned 404. Detect the Host key with http.CanonicalHeaderKey and assign it to req.Host so it is actually written on the wire. Other headers continue to use Header.Set as before. Fixes router-for-me#2833
Addressing the P1 note from the Codex reviewer: applyCustomHeaders is
also called with a synthetic &http.Request{Header: ...} from the
websockets executors (aistudio_executor.go, codex_websockets_executor.go),
which forward only the header map. The previous continue meant a custom
Host was dropped from that map, regressing virtual-host overrides on
those flows. Mirror the value to both r.Host (for real net/http) and
r.Header (for header-map-only consumers).
…ni, Claude, Codex, OpenAI, and Vertex
feat(api): integrate auth index into key retrieval endpoints for Gemi…
…dex-GPT and Codex-Gemini flows - Introduced `LastImageHashByItemID` in Codex-GPT and `LastImageHashByID` in Codex-Gemini for deduplication of generated images. - Added support for handling `partial_image` and `image_generation_call` types, with inline data embedding for Gemini and URL payload conversion for GPT. - Extended unit tests to verify image handling in both streaming and non-streaming modes.
…outer-for-me#2866) Anthropic has moved the 1M-context-window feature to General Availability, so the context-1m-2025-08-07 beta flag is no longer accepted and now causes 400 Bad Request errors when forwarded upstream. Remove the X-CPA-CLAUDE-1M detection and the corresponding injection of the now-invalid beta header. Also drop the unused net/textproto import that was only needed for the header-key lookup.
…remove-obsolete-1m-beta-header fix(executor): drop obsolete context-1m-2025-08-07 beta header
… links - Added VisionCoder sponsorship information to `README.md`, `README_CN.md`, and `README_JA.md`. - Updated external links to include `target="_blank"` for improved user experience. - Added new logo asset `visioncoder.png` for README use.
- Introduced `refreshIneffectiveBackoff` to prevent tight-looping in auto-refresh when token refresh fails to update expiry. - Adjusted refresh logic to apply backoff when `shouldRefresh` evaluates true. Closes: router-for-me#2830
- Refactored `/healthz` handler to support `HEAD` requests alongside `GET`. - Updated tests to include validation for `HEAD` requests with expected status and empty body. Closes: router-for-me#2929
…m-output-backfill fix(codex): backfill streaming response output
…t-host-header fix(util): forward custom Host header to upstream
- Added `GPT-Image-2` as a built-in model to avoid dependency on remote updates for Codex. - Updated model tier functions (`CodexFree`, `CodexTeam`, etc.) to include built-in models via `WithCodexBuiltins`. - Introduced new handlers for image generation and edit operations under `OpenAIAPIHandler`. - Extended tests to validate 503 response for unsupported image model requests.
…AI image handlers
Codex CLI gates the built-in image_generation tool behind
AuthMode::Chatgpt (OAuth only). When clients connect via API key
auth through CPA, the tool is absent from requests, making image
generation unavailable through the reverse proxy.
Changes:
1. Inject image_generation tool (codex_executor.go):
Add ensureImageGenerationTool() that appends
{"type":"image_generation","output_format":"png"} to the tools
array if not already present. Applied to all three execution
paths: Execute, executeCompact, and ExecuteStream.
2. Route aliases for Codex CLI direct access (server.go):
Add /backend-api/codex/responses routes that map to the same
OpenAI Responses API handlers as /v1/responses. This allows
Codex CLI to connect via chatgpt_base_url config while keeping
AuthMode::Chatgpt, which enables the built-in image_generation
tool on the client side.
3. Unit tests (codex_executor_imagegen_test.go):
Cover no-tools, existing tools, already-present, empty array,
and mixed built-in tool scenarios.
…r-usage-statistics docs: add CPA-Manager to usage statistics recommendations
- Updated all references from v6 to v7 for `github.com/router-for-me/CLIProxyAPI`. - Ensured consistency in imports within core libraries, tests, and integration tests. - Added missing tests for new features in Redis Protocol integration.
When auth-dir is not specified in config.yaml, ResolveAuthDir returns an empty string which causes os.MkdirAll to fail with no path. Use the documented default ~/.cli-proxy-api instead. Fixes router-for-me#3272
- Added new helper methods for OAuth session management (`RegisterOAuthSession`, `CompleteOAuthSession`, etc.). - Introduced `WriteConfig` for persisting management configurations. - Exported `Handler` type and `NewHandler` constructors for SDK consumers.
…e control plane - Introduced `-home` and `-home-password` flags for specifying home control plane address and authentication. - Implemented fetching and parsing configuration from the home control plane when `-home` is used. - Adjusted server configuration handling to bypass local config files when loading from home. - Ensured compatibility with cloud deploy mode and validation of home configurations.
- Introduced `disable_cooling` metadata field for fine-grained control over cooldown scheduling. - Updated `Auth` object to include `Metadata` with conditional logic for handling empty states. - Added YAML configuration support for `disable_cooling` in API key definitions across providers. - Enhanced unit tests to validate `disable_cooling` behavior in various scenarios.
…mplify session affinity logic
fix(executor): ignore null OpenAI stream usage chunks
fix: apply default auth-dir when config value is empty
- Updated `FileTokenStore` and related stores (`objectstore`, `gitstore`, `postgresstore`) to include the `disabled` flag in metadata for token storage. - Adjusted `Auth` metadata handling to initialize empty maps when absent. - Refined logic in `auto_refresh_loop` and `conductor` to exclude `disabled` tokens from refresh checks. - Added comprehensive unit tests to verify proper handling of the `disabled` flag in storage and retrieval operations.
…dling - Updated `EnsureIndex` logic to incorporate absolute and cleaned file paths when generating auth indexes. - Refined metadata handling to include OAuth type in auth index seed. - Improved compatibility for `json` file paths as sources in auth attributes. - Added unit tests to validate correct auth index behavior for various path and type scenarios.
…s-tool-output-context Fix Responses WebSocket tool output context repair
- Introduced `SetHomeEnabled` to enable/disable request-log forwarding to the home control plane. - Implemented `forwardRequestLogToHome` for non-streaming logs and `homeStreamingLogWriter` for real-time streaming logs. - Enhanced `FileRequestLogger` to bypass local logging when home forwarding is enabled. - Updated server configuration to dynamically toggle home request-log forwarding based on changes. - Added corresponding unit tests to ensure correct forwarding behavior and fallback mechanisms.
…ble usage statistics - Added `count` attribute to `homeAuthCount` requests to improve home message batching. - Enabled usage statistics for home mode by default and added config-level enforcement. - Adjusted failure logging to include detailed metadata in `UsageReporter`. - Updated multiple executors to pass error details to `PublishFailure` for better debugging. - Enhanced unit tests to validate `count` behavior and usage statistics enforcement across components.
…ve error handling in home mode - Introduced `shouldReturnLastErrorOnPickFailure` to streamline error return logic during provider selection. - Added `isHomeRequestRetryExceededError` for better home-specific error classification. - Updated fallback conditions to enhance error handling clarity in `pickNextMixed`.
…upport - Introduced `homeRuntimeAuths` to cache home auths for websocket session reuse. - Updated `pickNextViaHome` to prioritize cached auths for pinned websocket sessions. - Implemented automatic clearing of cached home auths when home mode is disabled. - Added unit tests to validate caching behavior, clearing logic, and fallback scenarios.
…ef counting - Added `homeRuntimeAuthSessions` and `homeRuntimeAuthRefs` for scoped caching of home auths per session. - Updated `pickNextViaHome` to prevent reuse of already-tried pinned auths during session retries. - Implemented reference counting for shared auths across multiple sessions to improve memory management. - Enhanced session cleanup logic to clear cached auths only when all referencing sessions are closed. - Added unit tests to validate scoped caching, retry logic, and session cleanup behavior.
…counting - Consolidated `homeRuntimeAuths` to store a map of session-scoped auth maps, replacing `homeRuntimeAuthSessions` and `homeRuntimeAuthRefs`. - Adjusted session cleanup logic to directly remove session-scoped auths without reference counting. - Added `GetExecutionSessionAuthByID` to retrieve auths scoped to a specific execution session. - Updated tests to reflect the new session-scoped caching behavior.
- Introduced `logHomeConfigChanges` to compare old and new configs, logging detected differences. - Leveraged `diff.BuildConfigChangeDetails` for structured change detection. - Adjusted logging behavior to enable debug-level logs dynamically when required.
Add example configuration for mapping Kiro OAuth models to standard Claude model names (without the kiro- prefix). This enables clients to use familiar model names like 'claude-opus-4-7' instead of 'kiro-claude-opus-4-7'. Without this alias configuration, Kiro models are only accessible via their kiro-prefixed names (e.g. kiro-claude-opus-4-7), which may not be recognized by clients expecting standard Anthropic model names. Example mappings added: - kiro-claude-opus-4-7 → claude-opus-4-7 - kiro-claude-opus-4-7-agentic → claude-opus-4-7-agentic - kiro-claude-sonnet-4-6 → claude-sonnet-4-6 - kiro-claude-sonnet-4-5 → claude-sonnet-4-5
|
This pull request targeted The base branch has been automatically changed to |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Kiro OAuth models are discovered at runtime with a
kiro-prefix (e.g.kiro-claude-opus-4-7). Without explicitoauth-model-aliasconfiguration, these models are only accessible via their prefixed names. Clients expecting standard Anthropic model names (e.g.claude-opus-4-7) cannot route requests to Kiro.For example,
claude-opus-4-6works because it has an alias mapping, butclaude-opus-4-7does not — even thoughkiro-claude-opus-4-7is available in the model list.Solution
Add a
kirosection to theoauth-model-aliasexamples inconfig.example.yaml, demonstrating how to map Kiro models to standard Claude names usingfork: true.Example
This makes both
kiro-claude-opus-4-7andclaude-opus-4-7available in/v1/models, so clients can use either name.Verified
Tested on a live server — after adding the alias config and restarting,
/v1/modelscorrectly shows both the prefixed and unprefixed model names.