* docs: add PRD for vscode-header-simulation (#37)

* feat(version-detection): add VS Code + Copilot Chat version auto-detection (#37)

- Replace AUR scrape in getVSCodeVersion() with official update.code.visualstudio.com API; keep AUR as secondary fallback; retain hardcoded "1.104.3" tertiary fallback
- Add getCopilotChatVersion() querying VS Code Marketplace API for GitHub.copilot-chat; fallback "0.26.7"
- Both functions use module-level 24h in-memory TTL cache
- Add copilotChatVersion?: string to State interface and initial state
- Add tests covering: successful fetch, network failure fallback, and cache hit within TTL

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat(api-config): wire dynamic versions into headers + startup log (#37)

- Add cacheCopilotChatVersion() in utils.ts; call it alongside cacheVSCodeVersion() at startup
- Log resolved versions at startup: "VS Code: <ver>  Copilot Chat: <ver>"
- Replace hardcoded COPILOT_VERSION constant in api-config.ts with state.copilotChatVersion ?? "0.26.7" in both copilotHeaders() and githubHeaders()
- Remove dead EDITOR_PLUGIN_VERSION and USER_AGENT module-level constants
- Add JSDoc comment block on copilotHeaders() documenting every header's source/purpose
- Add tests/utils.test.ts covering cacheCopilotChatVersion and cacheVSCodeVersion with mocked services

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: address review round 1 feedback (#37)

- C1: validate version strings against /^\d+\.\d+\.\d+$/ before use in HTTP headers (CRLF injection prevention)
- C2: skip cache write when version equals FALLBACK constant, allowing retry on next call
- C3/I2: run getVSCodeVersion + getCopilotChatVersion in parallel via Promise.all in start.ts
- I1: delete cacheCopilotChatVersion and cacheVSCodeVersion wrapper functions from utils.ts; call service fns directly from start.ts
- I3: add consola.warn() before every FALLBACK usage (fetch failures and format check)
- I4: remove four Marketplace response interfaces; use eslint-disabled any + unknown typed chain access
- I5: remove pointless const cached = cache alias; reference cache directly
- I6: tighten AUR regex from /pkgver=([0-9.]+)/ to /pkgver=(\d+\.\d+\.\d+)/
- T1-T7: add missing test cases (malformed JSON, missing pkgver, HTTP 503, empty version, TTL expiry, undefined state fallback, CRLF injection)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: address review round 2 feedback (#37)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

#38-#45)

- H1: Remove dead [DONE] sentinel from native SSE loop (Anthropic terminates via connection close)
- H3: Conditionally set accept: text/event-stream only when streaming
- M1: buildUpstreamPayload returns rest (not payload) when thinking absent, stripping output_config
- M2: Truncate raw SSE data to 200 chars in warn log to prevent log injection
- L2: Remove claude_ underscore prefix heuristic (no known Anthropic model uses it)
- L3: Document >= 7 threshold comment in isAdaptiveThinkingModel
- L4: Replace verbose JSDoc on nativeAnthropicModelIds with concise standard form
- Export buildUpstreamPayload for direct unit testing
- Add tests/native-passthrough.test.ts with T1-T9 covering payload transform and model routing

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

feat: native Anthropic pass-through for Claude models (#38)

Export FALLBACK from get-vscode-version.ts and apply
`state.vsCodeVersion ?? VSCODE_VERSION_FALLBACK` in both
copilotHeaders calls, matching the existing copilotChatVersion pattern.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- input: accept string | Array<ResponsesInputItem> (string shorthand)
- ResponsesContentPart: add input_file variant (file_id / file_data)
- ResponsesResponse.status: add "cancelled"
- ResponsesFunctionCallOutput: add optional id field
- service_tier: narrow to "default" | "flex" | string
- handler: downgrade warn to info (stub log not a health signal)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Implements createResponses() service client modelled on createChatCompletions,
with inputHasImages/isAgentCall helpers and X-Initiator header logic; wires the
/responses handler to call the real service client with manualApprove gate and
full streaming/non-streaming SSE proxy; updates route tests to cover the live
handler behaviour instead of the old 501 stub.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…sts (#4)

- Delete unused `ResponseStreamEvent` interface from create-responses.ts
- Add explicit `Promise<ResponsesResponse | AsyncGenerator<ServerSentEventMessage, void, unknown>>` return type to `createResponses`
- Wire `forwardError` into responses route so upstream 4xx/5xx propagates correctly
- Expand tests/responses-route.test.ts: new "createResponses behavior" describe block with X-Initiator=agent (assistant message), X-Initiator=user (pure user), X-Initiator=agent (function_call_output), and upstream 429 error path
- Remove spurious `// eslint-disable-next-line require-atomic-updates` comment; fix underlying lint issue

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…est hygiene (#4)

- Add onError callback to streamSSE so mid-stream upstream failures
  are logged and surface an error event to the client instead of
  silently dropping the connection
- Extend isAgentCall to treat reasoning items as agent context
  (they only appear when echoing prior-turn encrypted reasoning)
- Wrap missing-token test in try/finally to prevent state leakage
- Add X-Initiator=agent test for reasoning item input

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…lish (#4)

- afterEach restores globalThis.fetch so assertion failures can't leak
  mock state into subsequent tests
- Add streaming smoke test: mocks ReadableStream SSE body, asserts
  content-type: text/event-stream and event names forwarded verbatim
- Return type AsyncGenerator -> AsyncIterable (matches events() actual type)
- Suppress [DONE] sentinel warn — expected at every stream end, not a
  parse error

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Add getModelMode/isResponsesOnlyModel to classify Responses-only models
(codex family, o-pro variants), block them at /chat/completions with a
clear 400, and surface a mode field on GET /v1/models.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…dering, test fixes (#5)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…arrowing (#5)

- getModelMode: return "chat" early when modelId is falsy — prevents
  TypeError crash on requests missing the model field
- isResponsesOnlyModel: anchor codex check with word boundaries
  (/(?:^|-)codex(?:-|$)/) to avoid false-positives on future codex-mini
- ModelCapabilities.type: narrow to "chat"|"responses"|(string & {})
  so routing logic is type-checked against known upstream values

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Adds a sanitiseResponsesOutput translation layer that guarantees
encrypted_content on reasoning items is never stripped (required for
multi-turn continuity) and removes status: null fields that Copilot
upstream rejects on re-submission (litellm PR #22370).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…test (#6)

- Export sanitiseOutputItem so streaming path can use it
- Streaming handler parses each SSE event and strips status:null from
  embedded item/output fields before forwarding
- Fix false-positive test: inject status:null explicitly + assert
  encrypted_content survives; add in_progress / incomplete passthrough tests

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>