1.8 KiB
1.8 KiB
抓到了。CodeBuddy SDK/CLI 会走代理,HTTPS 明文能被 mitmdump 解出来。
我新增了一个打码抓包脚本:
注意路径是 scripts/mitm-redact.py。它只记录摘要,Authorization、API key、token、cookie 都会打码。
本次关键结果:
POST https://copilot.tencent.com/v2/chat/completions
POST https://copilot.tencent.com/v2/report
主请求是 OpenAI Chat Completions 风格:
{
"model": "glm-5.1",
"messages": [
{ "role": "system", "content": "..." },
{ "role": "user", "content": [{ "type": "text" }, { "type": "text" }] }
],
"tools": ["Agent", "Read", "Write", "Edit", "MultiEdit", "Bash", "Glob", "Grep", "EnterPlanMode", "ExitPlanMode", "TaskCreate", "TaskGet", "TaskUpdate", "TaskList", "WebFetch", "WebSearch", "TaskStop", "TaskOutput", "Skill", "AskUserQuestion"],
"temperature": 1,
"stream": true,
"stream_options": { "include_usage": true },
"reasoning_effort": "medium"
}
请求头关键项:
X-API-Key: <redacted>
Authorization: <redacted>
X-Conversation-ID
X-Conversation-Request-ID
X-Conversation-Message-ID
X-Agent-Intent: craft
X-IDE-Type: CLI
X-IDE-Name: CLI
X-IDE-Version: 2.93.3
x-codebuddy-request: 1
User-Agent: CLI/2.93.3 CodeBuddy/2.93.3 ...
Content-Encoding: gzip
响应也是 OpenAI SSE chunk:
content-type: text/event-stream
object: chat.completion.chunk
model: glm-5.1-tencent
data: {...}
data: [DONE]
结论:低内存直连方向是可行的,至少主链路不是私有二进制协议,而是 copilot.tencent.com/v2/chat/completions 的 OpenAI-compatible SSE。下一步要做的是把当前 TS 中转从 SDK 改成直接调用这个上游:复刻必要 headers、gzip 请求、SSE 转发,并验证只用 apikey 能不能稳定鉴权。