57 Commits

  • security: fix localhost middleware header spoofing vulnerability
    Fix critical security vulnerability in amp-restrict-management-to-localhost
    feature where attackers could bypass localhost restriction by spoofing
    X-Forwarded-For headers.
    
    Changes:
    - Use RemoteAddr (actual TCP connection) instead of ClientIP() in
      localhostOnlyMiddleware to prevent header spoofing attacks
    - Add comprehensive test coverage for spoofing prevention (6 test cases)
    - Update documentation with reverse proxy deployment guidance and
      limitations of the RemoteAddr approach
    
    The fix prevents attacks like:
      curl -H "X-Forwarded-For: 127.0.0.1" https://server/api/user
    
    Trade-off: Users behind reverse proxies will need to disable the feature
    and use alternative security measures (firewall rules, proxy ACLs).
    
    Addresses security review feedback from PR #287.
  • fix(amp): enable OAuth fallback for Gemini v1beta1 routes
    AMP CLI sends Gemini requests to non-standard paths that were being
    directly proxied to ampcode.com without checking for local OAuth.
    
    This fix adds:
    - GeminiBridge handler to transform AMP CLI paths to standard format
    - Enhanced model extraction from AMP's /publishers/google/models/* paths
    - FallbackHandler wrapper to check for local OAuth before proxying
    
    Flow:
    - If user has local Google OAuth → use it (free tier)
    - If no local OAuth → fallback to ampcode.com (charges credits)
    
    Fixes issue where gemini-3-pro-preview requests always charged AMP
    credits even when user had valid Google Cloud OAuth configured.
  • fix(amp): filter context-1m beta header for local OAuth providers
    Amp CLI sends 'context-1m-2025-08-07' in Anthropic-Beta header which
    requires a special 1M context window subscription. After upstream rebase
    to v6.3.7 (commit 38cfbac), CLIProxyAPI now respects client-provided
    Anthropic-Beta headers instead of always using defaults.
    
    When users configure local OAuth providers (Claude, etc), requests bypass
    the ampcode.com proxy and use their own API subscriptions. These personal
    subscriptions typically don't include the 1M context beta feature, causing
    'long context beta not available' errors.
    
    Changes:
    - Add filterBetaFeatures() helper to strip specific beta features
    - Filter context-1m-2025-08-07 in fallback handler when using local providers
    - Preserve full headers when proxying to ampcode.com (paid users get all features)
    - Add 7 test cases covering all edge cases
    
    This fix is isolated to the Amp module and only affects the local provider
    path. Users proxying through ampcode.com are unaffected and receive full
    1M context support as part of their paid service.
  • Add AMP fallback proxy and shared Gemini normalization
    - add fallback handler that forwards Amp provider requests to ampcode.com when the provider isn’t configured locally
    - wrap AMP provider routes with the fallback so requests always have a handler
    - share Gemini thinking model normalization helper between core handlers and AMP fallback
  • feat: Add Amp CLI integration with comprehensive documentation
    Add full Amp CLI support to enable routing AI model requests through the proxy
    while maintaining Amp-specific features like thread management, user info, and
    telemetry. Includes complete documentation and pull bot configuration.
    
    Features:
    - Modular architecture with RouteModule interface for clean integration
    - Reverse proxy for Amp management routes (thread/user/meta/ads/telemetry)
    - Provider-specific route aliases (/api/provider/{provider}/*)
    - Secret management with precedence: config > env > file
    - 5-minute secret caching to reduce file I/O
    - Automatic gzip decompression for responses
    - Proper connection cleanup to prevent leaks
    - Localhost-only restriction for management routes (configurable)
    - CORS protection for management endpoints
    
    Documentation:
    - Complete setup guide (USING_WITH_FACTORY_AND_AMP.md)
    - OAuth setup for OpenAI (ChatGPT Plus/Pro) and Anthropic (Claude Pro/Max)
    - Factory CLI config examples with all model variants
    - Amp CLI/IDE configuration examples
    - tmux setup for remote server deployment
    - Screenshots and diagrams
    
    Configuration:
    - Pull bot disabled for this repo (manual rebase workflow)
    - Config fields: AmpUpstreamURL, AmpUpstreamAPIKey, AmpRestrictManagementToLocalhost
    - Compatible with upstream DisableCooling and other features
    
    Technical details:
    - internal/api/modules/amp/: Complete Amp routing module
    - sdk/api/httpx/: HTTP utilities for gzip/transport
    - 94.6% test coverage with 34 comprehensive test cases
    - Clean integration minimizes merge conflict risk
    
    Security:
    - Management routes restricted to localhost by default
    - Configurable via amp-restrict-management-to-localhost
    - Prevents drive-by browser attacks on user data
    
    This provides a production-ready foundation for Amp CLI integration while
    maintaining clean separation from upstream code for easy rebasing.
    
    Amp-Thread-ID: https://ampcode.com/threads/T-9e2befc5-f969-41c6-890c-5b779d58cf18
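
The localhost restriction in the first and last commits above depends on which address the guard inspects. The following is an added example, not code from this repository: it uses only net/http, `headerClientIP` stands in for the header-trusting lookup that the first commit replaced, and all helper names and addresses are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// headerClientIP (hypothetical) trusts X-Forwarded-For before the socket peer.
func headerClientIP(r *http.Request) string {
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		return strings.TrimSpace(strings.Split(xff, ",")[0])
	}
	return peerIP(r)
}

// peerIP returns the TCP peer's address from RemoteAddr and ignores headers.
func peerIP(r *http.Request) string {
	host, _, _ := net.SplitHostPort(r.RemoteAddr) // host is "" on parse error
	return host
}

// localhostOnly rejects callers whose address, per ipOf, is not loopback.
func localhostOnly(ipOf func(*http.Request) string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if ip := net.ParseIP(ipOf(r)); ip == nil || !ip.IsLoopback() {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one constructed request through the guard; returns the status.
func probe(ipOf func(*http.Request) string, remoteAddr, xff string) int {
	req := httptest.NewRequest(http.MethodGet, "/api/user", nil)
	req.RemoteAddr = remoteAddr
	req.Header.Set("X-Forwarded-For", xff) // an empty value reads back as absent
	rec := httptest.NewRecorder()
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	localhostOnly(ipOf, ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(probe(headerClientIP, "203.0.113.7:51000", "127.0.0.1"), probe(peerIP, "203.0.113.7:51000", "127.0.0.1")) // 200 403
}
```

With a reverse proxy on the same host, every forwarded request reaches the guard with a loopback RemoteAddr, which is why the first commit tells proxied deployments to disable the feature and rely on firewall rules or proxy ACLs instead.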