[refactor/base-token-storage-v2] style: gofmt import ordering in utls_transport.go#894
Merged
KooshaPari merged 8 commits intomainfrom Mar 25, 2026
Merged
Conversation
…#824) * centralize provider alias normalization in cliproxyctl * chore(airlock): track default workflow config Co-authored-by: Codex <noreply@openai.com> * chore(artifacts): remove stale AI tooling artifacts Co-authored-by: Codex <noreply@openai.com> * refactor: phase 2B decomposition - extract kiro auth module and migrate qwen to BaseTokenStorage Phase 2B decomposition of cliproxyapi++ kiro_executor.go (4,691 LOC): Core Changes: - Created pkg/llmproxy/executor/kiro_auth.go: Extracted auth-specific functions from kiro_executor.go * kiroCredentials() - Extract access token and profile ARN from auth objects * getTokenKey() - Generate unique rate limiting keys from auth credentials * isIDCAuth() - Detect IDC vs standard auth methods * applyDynamicFingerprint() - Apply token-specific or static User-Agent headers * PrepareRequest() - Prepare HTTP requests with auth headers * HttpRequest() - Execute authenticated HTTP requests * Refresh() - Perform OAuth2 token refresh (SSO OIDC or Kiro OAuth) * persistRefreshedAuth() - Persist refreshed tokens to file (atomic write) * reloadAuthFromFile() - Reload auth from file for background refresh support * isTokenExpired() - Decode and check JWT token expiration Auth Provider Migration: - Migrated pkg/llmproxy/auth/qwen/qwen_token.go to use BaseTokenStorage * Reduced duplication by embedding auth.BaseTokenStorage * Removed redundant token management code (Save, Load, Clear) * Added NewQwenTokenStorage() constructor for consistent initialization * Preserved ResourceURL as Qwen-specific extension field * Refactored SaveTokenToFile() to use BaseTokenStorage.Save() Design Rationale: - Auth extraction into kiro_auth.go sets foundation for clean separation of concerns: * Core execution logic (kiro_executor.go) * Authentication flow (kiro_auth.go) * Streaming/SSE handling (future: kiro_streaming.go) * Request/response transformation (future: kiro_transform.go) - Qwen migration demonstrates pattern for remaining providers (openrouter, xai, deepseek) - BaseTokenStorage inheritance reduces maintenance burden and promotes consistency Related Infrastructure: - Graceful shutdown already implemented in cmd/server/main.go via signal.NotifyContext - Server.Run() in SDK handles SIGINT/SIGTERM with proper HTTP server shutdown - No changes needed for shutdown handling in this phase Notes for Follow-up: - Future commits should extract streaming logic from kiro_executor.go lines 1078-3615 - Transform logic extraction needed for lines 527-542 and related payload handling - Consider kiro token.go for BaseTokenStorage migration (domain-specific fields: AuthMethod, Provider, ClientID) - Complete vertex token migration (service account credentials pattern) Testing: - Code formatting verified (go fmt) - No pre-existing build issues introduced - Build failures are pre-existing in canonical main Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Airlock: auto-fixes from Lint & Format Fixes --------- Co-authored-by: Codex <noreply@openai.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…825) Split the 4691-line kiro_executor.go into three focused files: - kiro_transform.go (~470 LOC): endpoint config types, region resolution, payload builders (buildKiroPayloadForFormat, sanitizeKiroPayload), model mapping (mapModelToKiro), credential extraction (kiroCredentials), and auth-method helpers (getEffectiveProfileArnWithWarning, isIDCAuth). - kiro_streaming.go (~2990 LOC): streaming execution (ExecuteStream, executeStreamWithRetry), AWS Event Stream parsing (parseEventStream, readEventStreamMessage, extractEventTypeFromBytes), channel-based streaming (streamToChannel), and the full web search MCP handler (handleWebSearchStream, handleWebSearch, callMcpAPI, etc.). - kiro_executor.go (~1270 LOC): core executor struct (KiroExecutor), HTTP client pool, retry logic, Execute/executeWithRetry, CountTokens, Refresh, and token persistence helpers. All functions remain in the same package; no public API changes. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Ports the cliproxy adapter responsibilities from thegent Python code
(cliproxy_adapter.py, cliproxy_error_utils.py, cliproxy_header_utils.py,
cliproxy_models_transform.py) into a canonical Go SDK package so consumers
no longer need to reimplement raw HTTP calls.
pkg/llmproxy/client/ provides:
- client.go — Client with Health, ListModels, ChatCompletion, Responses
- types.go — Request/response types + Option wiring
- client_test.go — 13 httptest-based unit tests (all green)
Handles both proxy-normalised {"models":[...]} and raw OpenAI
{"data":[...]} shapes, propagates x-models-etag, surfaces APIError
with status code and structured message, and enforces non-streaming on
all methods (streaming is left to callers via net/http directly).
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* centralize provider alias normalization in cliproxyctl * chore(airlock): track default workflow config Co-authored-by: Codex <noreply@openai.com> * chore(artifacts): remove stale AI tooling artifacts Co-authored-by: Codex <noreply@openai.com> * feat(deps): migrate from phenotype-go-kit monolith to phenotype-go-auth Replace the monolithic phenotype-go-kit/pkg/auth import with the standalone phenotype-go-auth module across all auth token storage implementations (claude, copilot, gemini). Update go.mod to: - Remove: github.com/KooshaPari/phenotype-go-kit v0.0.0 - Add: github.com/KooshaPari/phenotype-go-auth v0.0.0 - Update replace directive to point to template-commons/phenotype-go-auth Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Codex <noreply@openai.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Add pkg/llmproxy/auth/base/token_storage.go with BaseTokenStorage, which centralises the Save/Load/Clear file-I/O logic that was duplicated across every auth provider. Key design points: - Save() uses an atomic write (temp file + os.Rename) to prevent partial reads - Load() and Clear() are idempotent helpers for callers that load/clear credentials - GetAccessToken/RefreshToken/Email/Type accessor methods satisfy the common interface - FilePath field is runtime-only (json:"-") so it never bleeds into persisted JSON Migrate claude, copilot, gemini, codex, kimi, kilo, and iflow providers to embed *base.BaseTokenStorage. Each provider's SaveTokenToFile() now delegates to base.Save() after setting its Type field. Struct literals in *_auth.go callers updated to use the nested BaseTokenStorage initialiser. Skipped: qwen (already has own helper), vertex (service-account JSON format), kiro (custom symlink guards), empty (no-op), antigravity/synthesizer/diff (no token storage). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (30)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Auto-generated PR for branch refactor/base-token-storage-v2.
Test plan
N/A (Auto-generated)