Merge upstream/main (auto-sync feat/copilot)

- 3c773b6 feat(auto-updater): refactor skip logic and add unit tests for autoUpdateSkipReason
- 1ca048a feat(auth, interceptor, jshandler): add post-auth request interceptors and enhance format handling
- 58bf645 feat(translator): ensure correct finish_reason handling for all response chunks
- dc04d8b feat(translator): enhance response aggregation and annotation handling
- 4cbd500 feat(service): add XAIExecutor to home executors registration
- ca1f627 feat(executor): refactor executor registration
- 9985976 feat(translator, pluginhost): add stream-specific response transformation support
- 030c4a9 Merge pull request router-for-me#3795 from router-for-me/webui
- ac4017e Merge branch 'dev' of github.com:router-for-me/CLIProxyAPI into dev

Author: github-actions[bot]

examples/plugin/jshandler/README.md

@@ -4,7 +4,7 @@ A CLIProxyAPI plugin that executes external JavaScript scripts to intercept and
 
 ## Features
 
-- **Request Interception** (`on_before_request`): Modify request payloads and headers before upstream delivery.
+- **Request Interception** (`on_before_request`, `on_after_auth_request`): Modify request payloads and headers before and after credential selection.
 - **Response Interception** (`on_after_nonstream_response`): Modify non-streaming response bodies and headers.
 - **Stream Chunk Interception** (`on_after_stream_response`): Modify individual streaming chunks with read-only `history_chunks` context.
 - **Hot Reload**: Scripts are automatically reloaded when modified on disk.
@@ -40,7 +40,7 @@ Scripts can export these global functions:
 
 ### `on_before_request(ctx)`
 
-Called before the request is sent upstream.
+Called before credential selection. At this point the target upstream protocol is not selected yet.
 
 **ctx structure:**
 ```javascript
@@ -50,7 +50,31 @@ Called before the request is sent upstream.
     "headers": {},        // Request headers
     "url": "",
     "model": "gpt-4",
-    "protocol": "openai"
+    "protocol": "openai",
+    "source_format": "openai",
+    "sourceFormat": "openai",
+    "to_format": "",
+    "toFormat": ""
+}
+```
+
+### `on_after_auth_request(ctx)`
+
+Called after credential selection and before request translation, request normalization, and built-in payload configuration.
+
+**ctx structure:**
+```javascript
+{
+    "id": "request-id",
+    "body": "...",             // Request body string
+    "headers": {},             // Request headers
+    "url": "",
+    "model": "gpt-4",
+    "protocol": "openai",      // Same as source_format
+    "source_format": "openai",
+    "sourceFormat": "openai",
+    "to_format": "codex",
+    "toFormat": "codex"
 }
 ```
 

examples/plugin/jshandler/abi.go

@@ -218,7 +218,14 @@ func handleJSHandlerABIMethod(ctx context.Context, method string, request []byte
 		if errDecode := json.Unmarshal(request, &req); errDecode != nil {
 			return nil, errDecode
 		}
-		resp, errCall := p.interceptRequest(ctx, req.RequestInterceptRequest, req.HostCallbackID)
+		resp, errCall := p.interceptRequest(ctx, req.RequestInterceptRequest, "on_before_request", req.HostCallbackID)
+		return abiOKEnvelopeWithError(resp, errCall)
+	case pluginabi.MethodRequestInterceptAfter:
+		var req abiRequestInterceptRequest
+		if errDecode := json.Unmarshal(request, &req); errDecode != nil {
+			return nil, errDecode
+		}
+		resp, errCall := p.interceptRequest(ctx, req.RequestInterceptRequest, "on_after_auth_request", req.HostCallbackID)
 		return abiOKEnvelopeWithError(resp, errCall)
 	case pluginabi.MethodResponseInterceptAfter:
 		var req abiResponseInterceptRequest

examples/plugin/jshandler/go.mod

@@ -16,3 +16,5 @@ require (
 	golang.org/x/sys v0.38.0 // indirect
 	golang.org/x/text v0.31.0 // indirect
 )
+
+replace github.com/router-for-me/CLIProxyAPI/v7 => ../../..

examples/plugin/jshandler/interceptor.go

@@ -44,11 +44,15 @@ func (p *jsHandlerPlugin) allScriptPaths() []string {
 	return paths
 }
 
-func (p *jsHandlerPlugin) InterceptRequest(ctx context.Context, req pluginapi.RequestInterceptRequest) (pluginapi.RequestInterceptResponse, error) {
-	return p.interceptRequest(ctx, req, "")
+func (p *jsHandlerPlugin) InterceptRequestBeforeAuth(ctx context.Context, req pluginapi.RequestInterceptRequest) (pluginapi.RequestInterceptResponse, error) {
+	return p.interceptRequest(ctx, req, "on_before_request", "")
 }
 
-func (p *jsHandlerPlugin) interceptRequest(ctx context.Context, req pluginapi.RequestInterceptRequest, hostCallbackID string) (pluginapi.RequestInterceptResponse, error) {
+func (p *jsHandlerPlugin) InterceptRequestAfterAuth(ctx context.Context, req pluginapi.RequestInterceptRequest) (pluginapi.RequestInterceptResponse, error) {
+	return p.interceptRequest(ctx, req, "on_after_auth_request", "")
+}
+
+func (p *jsHandlerPlugin) interceptRequest(ctx context.Context, req pluginapi.RequestInterceptRequest, hookName, hostCallbackID string) (pluginapi.RequestInterceptResponse, error) {
 	resp := pluginapi.RequestInterceptResponse{}
 	scriptPaths := p.allScriptPaths()
 	if len(scriptPaths) == 0 {
@@ -64,7 +68,7 @@ func (p *jsHandlerPlugin) interceptRequest(ctx context.Context, req pluginapi.Re
 		if scriptPath == "" {
 			continue
 		}
-		processed, cleared, errJS := p.applyJSBeforeRequest(scriptPath, []byte(body), req.Model, req.SourceFormat, headers, hostCallbackID)
+		processed, cleared, errJS := p.applyJSRequestHook(scriptPath, hookName, []byte(body), req.Model, req.SourceFormat, req.ToFormat, headers, hostCallbackID)
 		if errJS != nil {
 			log.Warnf("failed to execute JS request interceptor [%s]: %v", scriptPath, errJS)
 			continue
@@ -197,7 +201,7 @@ func (p *jsHandlerPlugin) interceptStreamChunk(ctx context.Context, req pluginap
 	return resp, nil
 }
 
-func (p *jsHandlerPlugin) applyJSBeforeRequest(scriptPath string, payloadBytes []byte, model, protocol string, headers http.Header, hostCallbackID string) ([]byte, []string, error) {
+func (p *jsHandlerPlugin) applyJSRequestHook(scriptPath, hookName string, payloadBytes []byte, model, sourceFormat, toFormat string, headers http.Header, hostCallbackID string) ([]byte, []string, error) {
 	program, err := getJSProgram(scriptPath)
 	if err != nil {
 		return nil, nil, err
@@ -211,20 +215,24 @@ func (p *jsHandlerPlugin) applyJSBeforeRequest(scriptPath string, payloadBytes [
 	headersMap := headerToAnyMap(headers)
 
 	jsCtx := map[string]any{
-		"id":       generateRequestID(),
-		"body":     string(payloadBytes),
-		"headers":  headersMap,
-		"url":      "",
-		"model":    model,
-		"protocol": protocol,
+		"id":            generateRequestID(),
+		"body":          string(payloadBytes),
+		"headers":       headersMap,
+		"url":           "",
+		"model":         model,
+		"protocol":      sourceFormat,
+		"source_format": sourceFormat,
+		"to_format":     toFormat,
+		"sourceFormat":  sourceFormat,
+		"toFormat":      toFormat,
 	}
 
-	jsVal, errCall := engine.callFunction("on_before_request", p.cfg.Timeout, jsCtx)
+	jsVal, errCall := engine.callFunction(hookName, p.cfg.Timeout, jsCtx)
 	if errCall != nil {
 		if errors.Is(errCall, ErrFunctionNotFound) {
 			return payloadBytes, nil, nil
 		}
-		return nil, nil, fmt.Errorf("on_before_request failed for %s: %w", scriptPath, errCall)
+		return nil, nil, fmt.Errorf("%s failed for %s: %w", hookName, scriptPath, errCall)
 	}
 
 	if jsVal == nil || goja.IsUndefined(jsVal) || goja.IsNull(jsVal) {

examples/plugin/jshandler/interceptor_test.go

@@ -25,16 +25,18 @@ function on_before_request(ctx) {
 
 	plugin := &jsHandlerPlugin{cfg: defaultJSHandlerConfig()}
 	headers := http.Header{"X-Plugin": []string{"original"}}
-	processed, _, errApply := plugin.applyJSBeforeRequest(
+	processed, _, errApply := plugin.applyJSRequestHook(
 		scriptPath,
+		"on_before_request",
 		[]byte(`{"messages":[{"role":"user","content":"contains sensitive_word"}]}`),
 		"gpt-test",
 		"openai",
+		"",
 		headers,
 		"",
 	)
 	if errApply != nil {
-		t.Fatalf("applyJSBeforeRequest() error = %v", errApply)
+		t.Fatalf("applyJSRequestHook() error = %v", errApply)
 	}
 	if body := string(processed); !strings.Contains(body, "safe_word") || strings.Contains(body, "sensitive_word") {
 		t.Fatalf("processed body = %q, want sensitive word rewritten", body)
@@ -44,6 +46,50 @@ function on_before_request(ctx) {
 	}
 }
 
+func TestApplyJSAfterAuthRequestReceivesFormats(t *testing.T) {
+	scriptPath := filepath.Join(t.TempDir(), "after_auth.js")
+	script := `
+function on_after_auth_request(ctx) {
+    if (ctx.source_format !== "openai" || ctx.to_format !== "codex") {
+        throw new Error("unexpected formats: " + ctx.source_format + " -> " + ctx.to_format);
+    }
+    if (ctx.sourceFormat !== "openai" || ctx.toFormat !== "codex") {
+        throw new Error("unexpected camel formats: " + ctx.sourceFormat + " -> " + ctx.toFormat);
+    }
+    var req = JSON.parse(ctx.body);
+    req.after_auth = ctx.source_format + "_to_" + ctx.to_format;
+    ctx.headers["X-Protocol"] = req.after_auth;
+    ctx.body = JSON.stringify(req);
+    return ctx;
+}
+`
+	if errWrite := os.WriteFile(scriptPath, []byte(script), 0600); errWrite != nil {
+		t.Fatalf("os.WriteFile() error = %v", errWrite)
+	}
+
+	plugin := &jsHandlerPlugin{cfg: defaultJSHandlerConfig()}
+	headers := http.Header{}
+	processed, _, errApply := plugin.applyJSRequestHook(
+		scriptPath,
+		"on_after_auth_request",
+		[]byte(`{"model":"gpt-test"}`),
+		"gpt-test",
+		"openai",
+		"codex",
+		headers,
+		"",
+	)
+	if errApply != nil {
+		t.Fatalf("applyJSRequestHook() error = %v", errApply)
+	}
+	if body := string(processed); !strings.Contains(body, `"after_auth":"openai_to_codex"`) {
+		t.Fatalf("processed body = %q, want after_auth marker", body)
+	}
+	if got := headers.Get("X-Protocol"); got != "openai_to_codex" {
+		t.Fatalf("header X-Protocol = %q, want openai_to_codex", got)
+	}
+}
+
 func TestApplyJSAfterResponseUsesFrozenNativeHistoryChunks(t *testing.T) {
 	scriptPath := filepath.Join(t.TempDir(), "stream.js")
 	script := `

examples/plugin/jshandler/scripts/copilot_handler.js

@@ -17,6 +17,14 @@ function on_before_request(ctx) {
     return ctx;
 }
 
+function on_after_auth_request(ctx) {
+    console.log("[" + ctx.id + "] Selected request protocol: " + ctx.source_format + " -> " + ctx.to_format);
+    if (ctx.source_format === "openai" && ctx.to_format === "codex") {
+        ctx.headers["X-JS-Handler-Protocol"] = "openai-to-codex";
+    }
+    return ctx;
+}
+
 function parse_stream_chunk(chunk) {
     var leading = "";
     var payload = chunk.trim();

internal/managementasset/updater.go

@@ -81,16 +81,8 @@ func runAutoUpdater(ctx context.Context) {
 
 	runOnce := func() {
 		cfg := currentConfigPtr.Load()
-		if cfg == nil {
-			log.Debug("management asset auto-updater skipped: config not yet available")
-			return
-		}
-		if cfg.RemoteManagement.DisableControlPanel {
-			log.Debug("management asset auto-updater skipped: control panel disabled")
-			return
-		}
-		if cfg.RemoteManagement.DisableAutoUpdatePanel {
-			log.Debug("management asset auto-updater skipped: disable-auto-update-panel is enabled")
+		if reason, skip := autoUpdateSkipReason(cfg); skip {
+			log.Debugf("management asset auto-updater skipped: %s", reason)
 			return
 		}
 
@@ -111,6 +103,22 @@ func runAutoUpdater(ctx context.Context) {
 	}
 }
 
+func autoUpdateSkipReason(cfg *config.Config) (string, bool) {
+	if cfg == nil {
+		return "config not yet available", true
+	}
+	if cfg.Home.Enabled {
+		return "cluster mode enabled", true
+	}
+	if cfg.RemoteManagement.DisableControlPanel {
+		return "control panel disabled", true
+	}
+	if cfg.RemoteManagement.DisableAutoUpdatePanel {
+		return "disable-auto-update-panel is enabled", true
+	}
+	return "", false
+}
+
 func newHTTPClient(proxyURL string) *http.Client {
 	client := &http.Client{Timeout: 15 * time.Second}
 

internal/managementasset/updater_test.go

@@ -0,0 +1,62 @@
+package managementasset
+
+import (
+	"testing"
+
+	"github.com/router-for-me/CLIProxyAPI/v7/internal/config"
+)
+
+func TestAutoUpdateSkipReason(t *testing.T) {
+	tests := []struct {
+		name       string
+		cfg        *config.Config
+		wantReason string
+		wantSkip   bool
+	}{
+		{
+			name:       "nil config",
+			cfg:        nil,
+			wantReason: "config not yet available",
+			wantSkip:   true,
+		},
+		{
+			name: "cluster mode",
+			cfg: &config.Config{
+				Home: config.HomeConfig{Enabled: true},
+			},
+			wantReason: "cluster mode enabled",
+			wantSkip:   true,
+		},
+		{
+			name: "control panel disabled",
+			cfg: &config.Config{
+				RemoteManagement: config.RemoteManagement{DisableControlPanel: true},
+			},
+			wantReason: "control panel disabled",
+			wantSkip:   true,
+		},
+		{
+			name: "auto update disabled",
+			cfg: &config.Config{
+				RemoteManagement: config.RemoteManagement{DisableAutoUpdatePanel: true},
+			},
+			wantReason: "disable-auto-update-panel is enabled",
+			wantSkip:   true,
+		},
+		{
+			name:       "enabled",
+			cfg:        &config.Config{},
+			wantReason: "",
+			wantSkip:   false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			gotReason, gotSkip := autoUpdateSkipReason(tt.cfg)
+			if gotReason != tt.wantReason || gotSkip != tt.wantSkip {
+				t.Fatalf("autoUpdateSkipReason() = (%q, %t), want (%q, %t)", gotReason, gotSkip, tt.wantReason, tt.wantSkip)
+			}
+		})
+	}
+}