Skip to content

Harden iFlow proxy requests to match CLI behavior#142

Open
redzrush101 wants to merge 6 commits intoMirrowel:devfrom
redzrush101:iflow-cli-spoof-port
Open

Harden iFlow proxy requests to match CLI behavior#142
redzrush101 wants to merge 6 commits intoMirrowel:devfrom
redzrush101:iflow-cli-spoof-port

Conversation

@redzrush101
Copy link

@redzrush101 redzrush101 commented Feb 26, 2026
edited by ellipsis-dev bot
Loading

Summary

  • Port iFlow CLI-style anti-block request behavior into the iFlow provider used by LLM-API-Key-Proxy.
  • Add signed-header handling with a one-shot 406 retry without signature plus upstream API base fallback support.
  • Fix env-based OAuth credential loading/refresh handling and include glm-5 in iFlow hardcoded models.

Validation

  • Ran compile checks for modified provider files.
  • Started proxy with OAuth creds provided via environment variables from oauth_creds.json mapping.
  • Verified streaming calls through proxy endpoint for iflow/glm-5 and iflow/kimi-k2.5.

Important

Enhance iFlow proxy requests to match CLI behavior with improved signed-header handling, OAuth credential management, and API base fallback support.

  • Behavior:
    • Port CLI-style anti-block request behavior into iFlow provider in iflow_provider.py.
    • Add signed-header handling with a one-shot 406 retry without signature and upstream API base fallback.
    • Fix OAuth credential loading/refresh from environment variables in iflow_auth_base.py.
  • Models:
    • Include glm-5 in hardcoded models in iflow_provider.py.
  • Functions:
    • Add get_api_base_candidates() and get_api_base() in iflow_auth_base.py for API base URL management.
    • Modify _refresh_token() in iflow_auth_base.py to handle env-loaded credentials without file IO.
    • Update get_api_details() in iflow_auth_base.py to support env-based credentials.
    • Enhance _build_iflow_headers() in iflow_provider.py to include optional signature headers.
    • Implement _should_fallback_base() in iflow_provider.py for handling specific HTTP status codes.
  • Misc:
    • Verify streaming calls for iflow/glm-5 and iflow/kimi-k2.5 through proxy endpoint.

This description was created by Ellipsis for 97e1449. You can customize this summary. It will automatically update as commits are pushed.

Harden iFlow proxy requests to match CLI behavior
97e1449 
Add signed-header fallback and base-url failover while fixing env OAuth credential loading/refresh so proxy calls are less likely to get blocked.
@Mirrowel
Copy link
Owner

Mirrowel commented Feb 27, 2026

Gotta give it a couple of days to verify

MasuRii added a commit to MasuRii/LLM-API-Key-Proxy that referenced this pull request Feb 27, 2026
@MasuRii
Merge pull request Mirrowel#142 from Mirrowel/dev
6a450af 
Resolve conflicts in iFlow provider by preserving existing retry/context-failure handling while integrating PR Mirrowel#142 signed-header fallback and base URL failover logic.
@redzrush101
Copy link
Author

redzrush101 commented Feb 27, 2026

Gotta give it a couple of days to verify

ye good

Complete iFlow CLI parity and restore thinking behavior
407032e 
Consolidate follow-up fixes after initial hardening: add captured-header parity and metadata propagation, preserve usage details, introduce sticky session/conversation IDs, and fix reasoning regressions by removing forced disabled-thinking defaults while enabling thinking by default.
yassin and others added 4 commits February 27, 2026 16:34
Reduce iFlow proxy stream logging overhead
b04c22e
@MasuRii
fix(error-handler): add RemoteProtocolError to api_connection classif…
14dc122 
…ication

Include httpx.RemoteProtocolError in the error type tuple for
api_connection classification. This error occurs when a peer closes the
connection without sending a complete message and should be treated as a
transient connection issue rather than an unhandled exception.
@MasuRii
fix(iflow): add connection error handling with retry logic in stream_…
bf4dace 
…handler

Wrap stream_handler in a retry loop with exponential backoff for
transient connection errors (RemoteProtocolError, ConnectError,
ReadTimeout, NetworkError). Retries up to 3 times with 1s/2s/4s
backoff before re-raising for higher-level error handling.

Changes:
- Add CONNECTION_ERROR_TYPES tuple and CONTEXT_WINDOW_ERROR_PATTERNS
  as module-level constants for reuse and clarity
- Add MAX_CONNECTION_RETRIES and RETRY_BACKOFF_BASE configuration
- Restructure stream_handler with while-loop retry around the stream
  context manager, re-creating the stream on each retry attempt
- Add context window error detection from HTTP error response bodies
  to surface token limit issues explicitly
- Import asyncio for async sleep during backoff
@MasuRii
fix(iflow): add silent context failure detection for empty 200 responses
bc58e34 
- Detect empty choices array in HTTP 200 responses
- Detect zero completion_tokens with non-zero prompt_tokens
- Detect empty assistant messages (no content/reasoning/tool_calls)
- Detect streams that complete without any data chunks
- Raise non-retryable context_window_exceeded error for these cases
- Prevents quota waste from repeated failed requests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Mirrowel Mirrowel Awaiting requested review from Mirrowel Mirrowel is a code owner

At least 3 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@redzrush101 @Mirrowel @MasuRii