feat: Introduce standard request normalization and response building for OpenAI and Claude, enhance tool call streaming, and improve caller identification.

2026-05-18 23:25:10 +08:00 · 2026-02-18 23:35:17 +08:00
parent 3a75b75ae0
commit eb253a9d3a
18 changed files with 805 additions and 155 deletions
--- a/internal/auth/request.go
+++ b/internal/auth/request.go
@@ -2,6 +2,8 @@ package auth

 import (
 	"context"
+	"crypto/sha256"
+	"encoding/hex"
 	"errors"
 	"net/http"
 	"strings"
@@ -22,6 +24,7 @@ var (
 type RequestAuth struct {
 	UseConfigToken bool
 	DeepSeekToken  string
+	CallerID       string
 	AccountID      string
 	Account        config.Account
 	TriedAccounts  map[string]bool
@@ -45,9 +48,16 @@ func (r *Resolver) Determine(req *http.Request) (*RequestAuth, error) {
 	if callerKey == "" {
 		return nil, ErrUnauthorized
 	}
+	callerID := callerTokenID(callerKey)
 	ctx := req.Context()
 	if !r.Store.HasAPIKey(callerKey) {
-		return &RequestAuth{UseConfigToken: false, DeepSeekToken: callerKey, resolver: r, TriedAccounts: map[string]bool{}}, nil
+		return &RequestAuth{
+			UseConfigToken: false,
+			DeepSeekToken:  callerKey,
+			CallerID:       callerID,
+			resolver:       r,
+			TriedAccounts:  map[string]bool{},
+		}, nil
 	}
 	target := strings.TrimSpace(req.Header.Get("X-Ds2-Target-Account"))
 	acc, ok := r.Pool.AcquireWait(ctx, target, nil)
@@ -56,6 +66,7 @@ func (r *Resolver) Determine(req *http.Request) (*RequestAuth, error) {
 	}
 	a := &RequestAuth{
 		UseConfigToken: true,
+		CallerID:       callerID,
 		AccountID:      acc.Identifier(),
 		Account:        acc,
 		TriedAccounts:  map[string]bool{},
@@ -158,3 +169,12 @@ func extractCallerToken(req *http.Request) string {
 	}
 	return strings.TrimSpace(req.Header.Get("x-api-key"))
 }
+
+func callerTokenID(token string) string {
+	token = strings.TrimSpace(token)
+	if token == "" {
+		return ""
+	}
+	sum := sha256.Sum256([]byte(token))
+	return "caller:" + hex.EncodeToString(sum[:8])
+}
--- a/internal/auth/request_test.go
+++ b/internal/auth/request_test.go
@@ -37,6 +37,9 @@ func TestDetermineWithXAPIKeyUsesDirectToken(t *testing.T) {
 	if auth.DeepSeekToken != "direct-token" {
 		t.Fatalf("unexpected token: %q", auth.DeepSeekToken)
 	}
+	if auth.CallerID == "" {
+		t.Fatalf("expected caller id to be populated")
+	}
 }

 func TestDetermineWithXAPIKeyManagedKeyAcquiresAccount(t *testing.T) {
@@ -58,6 +61,24 @@ func TestDetermineWithXAPIKeyManagedKeyAcquiresAccount(t *testing.T) {
 	if auth.DeepSeekToken != "account-token" {
 		t.Fatalf("unexpected account token: %q", auth.DeepSeekToken)
 	}
+	if auth.CallerID == "" {
+		t.Fatalf("expected caller id to be populated")
+	}
+}
+
+func TestCallerTokenIDStable(t *testing.T) {
+	a := callerTokenID("token-a")
+	b := callerTokenID("token-a")
+	c := callerTokenID("token-b")
+	if a == "" || b == "" || c == "" {
+		t.Fatalf("expected non-empty caller ids")
+	}
+	if a != b {
+		t.Fatalf("expected stable caller id, got %q and %q", a, b)
+	}
+	if a == c {
+		t.Fatalf("expected different caller id for different tokens")
+	}
 }

 func TestDetermineMissingToken(t *testing.T) {