versun/claude-code
1
0
Fork 0
mirror of https://github.com/claude-code-best/claude-code.git synced 2026-06-15 12:55:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
feature/tool_search
claude-code/docs/features/remote-control-self-hosting.md
Dosion c2ac9a74c1 fix: resolve dependency audit findings precisely (#361) 
* fix: harden ACP communication boundaries

Harden ACP communication boundaries

Remote ACP sessions now cannot widen permission mode through untrusted
metadata or client payloads. WebSocket ACP ingress measures payloads by bytes
before binary decode, and prompt queue handoff keeps exactly one prompt active
while queued prompts are drained FIFO.

Constraint: ACP remote clients must not be able to open bypassPermissions without local launch intent
Constraint: WebSocket payload limits must be byte-based and checked before binary decode
Rejected: Keep promptToQueryContent wrapper | no production consumers remained after prompt conversion single-sourcing
Confidence: high
Scope-risk: moderate
Directive: Do not re-enable remote bypassPermissions from _meta unless a local launch gate is verified in both acp-link and agent
Tested: targeted ACP/RCS/acp-link prompt queue, bridge, permission, payload, and prompt conversion tests; bun run typecheck; bun run build
Not-tested: Manual live ACP/RCS session against an external client

* fix: restore repository verification gates

Keep the full repository test, typecheck, build, and Biome lint gates usable
after the ACP fix pass. This commit is intentionally separate from the ACP
behavior change: it fixes Windows-safe Langfuse home redaction, removes stale
lint suppressions, resolves Biome warning/info diagnostics, and keeps env
expansion tests explicit without template-placeholder lint noise.

Constraint: The project completion contract requires full typecheck, lint, test, and build evidence
Rejected: Leave warning/info diagnostics as historical noise | they obscure future gate regressions and weaken flow-impact claims
Confidence: high
Scope-risk: narrow
Directive: Keep repository gate cleanup separate from feature fixes when it is not part of the same runtime path
Tested: bunx biome lint src/; bunx tsc --noEmit; bun test src/services/mcp/__tests__/envExpansion.test.ts src/utils/__tests__/sliceAnsi.test.ts src/utils/__tests__/stringUtils.test.ts; bun test; bun run build
Not-tested: Manual Langfuse export against a real external Langfuse service

* fix: harden ACP failure boundaries after review

Deep review found several paths that made ACP communication failures look normal: prompt errors could finish as end_turn, permission pipeline exceptions could fall through to client approval, tool rawInput was deep-copied with JSON, and acp-link accepted unbounded or unvalidated WebSocket payloads. This keeps the behavior fail-closed, validates WS payloads before dispatch, caps payload size before JSON parse, and preserves cancellation intent with a generation counter.

Constraint: User explicitly rejected pseudo-fixes, fallback behavior, and unbounded payload handling

Rejected: Keep JSON stringify/parse rawInput copy | duplicates large payloads and silently drops non-JSON inputs

Rejected: Delegate permission pipeline errors to client approval | allows a broken local permission check to be bypassed

Confidence: high

Scope-risk: moderate

Directive: Do not convert ACP errors into normal end_turn responses without a protocol-level reason and regression tests

Tested: bun test src/services/acp/__tests__/agent.test.ts src/services/acp/__tests__/bridge.test.ts src/services/acp/__tests__/permissions.test.ts

Tested: bun test packages/acp-link/src/__tests__/server.test.ts

Tested: bunx tsc --noEmit

Tested: bunx biome lint src/ packages/acp-link/src/

Tested: bun run test:all

Tested: bun run build

Not-tested: Manual end-to-end ACP client session over a real editor WebSocket

* fix: prevent ACP coverage runs from seeing partial mocks

GitHub Actions failed under bun test --coverage because permissions.test.ts replaced ../bridge.js with a partial mock that omitted forwardSessionUpdates. Coverage worker ordering on Linux let sibling tests observe that incomplete module.

This isolates ACP test mocks by snapshotting real exports, overriding only requested symbols, and restoring mocks in LIFO order. The shared helper also keeps the same behavior in agent.test.ts without duplicating mock infrastructure.

Constraint: bun:test mock.module is process-global inside a worker.

Rejected: Add fallback exports or production guards | the bridge export exists; the failure was test mock pollution.

Rejected: Keep per-file helper copies | duplication would let restore semantics drift again.

Confidence: high

Scope-risk: narrow

Directive: Prefer safeMockModule for partial mocks of real modules in ACP tests; plain mock.module is only appropriate for fully synthetic modules or isolated tests.

Tested: bun test src/services/acp/__tests__/agent.test.ts src/services/acp/__tests__/bridge.test.ts src/services/acp/__tests__/permissions.test.ts

Tested: bun test --coverage --coverage-reporter=lcov

Tested: bunx tsc --noEmit

Tested: bun run lint

Tested: git diff --check

Not-tested: Linux runner directly before push

* fix: normalize ACP bypass requests without warning noise

The previous CI repair removed the failing partial bridge mock, but it also added a shared safeMockModule helper and left the acp-link bypass normalization warning in the real new_session path.

This tightens the fix: acp-link now treats an unauthorized client bypass request as normal permission-mode normalization without emitting a warning, and the ACP permission test explicitly preserves the real bridge and permission exports instead of using a shared helper. The agent test keeps its local mock preservation but names it by behavior and restores mocks in LIFO order.

Constraint: CI output should not contain expected warning noise for covered policy branches.

Rejected: Silence the test only | the normal new_session path would still warn for an expected normalization branch.

Rejected: Keep the shared safeMockModule helper | the failing module was specific and should be fixed by preserving real exports at the mocking site.

Confidence: high

Scope-risk: narrow

Directive: Treat client-requested bypassPermissions as data to normalize unless the local default explicitly enables bypass.

Tested: bun test packages/acp-link/src/__tests__/server.test.ts

Tested: bun test src/services/acp/__tests__/agent.test.ts src/services/acp/__tests__/bridge.test.ts src/services/acp/__tests__/permissions.test.ts

Tested: bun test --coverage --coverage-reporter=lcov with UPPER_WARN_COUNT=0

Tested: bun run test:all

Tested: bun run lint

Tested: bunx tsc --noEmit

Tested: git diff --check

* fix: harden ACP bypass and CI warning gates

ACP clients must not be able to enter bypassPermissions unless the local ACP gate and process environment both allow it. The same gate now controls session creation, explicit mode changes, and the ExitPlanMode option list, while session setup restores process.cwd so coverage and later work do not inherit ACP session state.

Constraint: CI must stay warning-clean without hiding real ACP permission failures

Rejected: Logging rejected bypass requests on the normal new_session path | it preserves audit text but reintroduces warning noise the runtime should not emit

Rejected: Broad CI=true postinstall skip | it hides explicit Chrome MCP setup checks outside the install path

Confidence: high

Scope-risk: moderate

Directive: Keep bypassPermissions gated through one ACP availability decision before exposing it to clients

Tested: bun test src/services/acp/__tests__/permissions.test.ts src/services/acp/__tests__/agent.test.ts packages/acp-link/src/__tests__/server.test.ts

Tested: bun run test:all

Tested: bun run lint

Tested: bun run build:vite with zero warning matches

Tested: bun test --coverage --coverage-reporter lcov --coverage-dir coverage produced non-empty lcov with SF records and zero filtered warning matches

Not-tested: GitHub Actions result after this push

* fix: remove remaining CI warning noise

The CI log still had three non-failing warnings after the ACP hardening commit: git init default-branch advice from checkout, a Node 20 action-runtime deprecation, and one additional known Vite dynamic-import diagnostic that only surfaced on Linux. The workflow now provides explicit git config and opts actions into Node 24, while Vite keeps a narrow allowlist for acknowledged optimizer diagnostics.

Constraint: Do not use shell log filtering to hide warnings after they happen

Rejected: Grep warning lines out of CI output | it would make future diagnostics harder to find

Confidence: high

Scope-risk: narrow

Directive: Add new Vite warning allowlist entries only after checking that they are existing optimizer diagnostics, not new application defects

Tested: bunx tsc --noEmit --pretty false

Tested: bunx biome lint .github/workflows/ci.yml vite.config.ts

Tested: bun run build:vite with zero warning matches

Not-tested: GitHub Actions result after this push

* fix: reject unauthorized ACP bypass and harden CI actions

ACP clients now fail closed when permissionMode is malformed, unknown, or requests bypass without a local bypass opt-in. acp-link validates new_session input before forwarding to the agent and returns client error frames for expected unauthorized requests without logging create-failed noise. The direct AcpAgent path independently rejects invalid _meta.permissionMode and unauthorized bypass instead of falling back to settings.

CI workflows and generated GitHub App templates now use Node 24-compatible actions pinned to immutable commit SHAs, and acp-link startup output no longer prints the auth token.

Constraint: Must not hide warnings with test isolation or log filtering

Rejected: Silent fallback to local permission mode | accepts invalid client intent and masks boundary behavior

Rejected: Broad dependency churn from bun update | audit remained failing while package and lockfile churn expanded scope

Confidence: high

Scope-risk: moderate

Directive: Client-provided permissionMode must stay fail-closed before reaching AcpAgent; only local settings.defaultMode may fall back to default on invalid local config

Tested: bun test packages/acp-link/src/__tests__/server.test.ts src/services/acp/__tests__/agent.test.ts src/services/acp/__tests__/permissions.test.ts src/services/skillLearning/__tests__/skillLifecycle.test.ts src/utils/settings/__tests__/config.test.ts

Tested: bunx tsc -p packages/acp-link/tsconfig.json --noEmit --pretty false

Tested: bunx tsc --noEmit --pretty false

Tested: bun run lint

Tested: bun run test:all

Tested: local CI equivalent install/typecheck/coverage/build with warning_scan=0

Not-tested: Pre-existing bun audit vulnerabilities require a separate dependency-hardening PR

* fix: resolve dependency audit findings precisely

Use dependency-native upgrades and lockfile resolution to close the audit findings without suppressions. Keep the chrome MCP setup aligned with the new dependency graph and add real integration coverage so the override behavior stays verified.

Constraint: no audit ignores or warning suppression
Rejected: broad google-auth/protobuf overrides | replaced with upstream-compatible resolution
Confidence: high
Scope-risk: moderate
Directive: keep dependency fixes upstream-compatible; do not reintroduce blanket overrides unless the audit surface changes materially
Tested: bun audit; bun audit --json; bun install --frozen-lockfile with CLAUDE_CODE_SKIP_CHROME_MCP_SETUP=1; bunx tsc --noEmit --pretty false; bun run lint; targeted tests; bun run test:all; bun test --coverage --coverage-reporter lcov --coverage-dir coverage; bun run build:vite
Not-tested: unrelated pre-existing ACP/CORS/token fallback residual risks

* fix: keep ACP auth tokens out of URLs

Replace the ad hoc URL-token flow with crypto UUID-backed transport identifiers so the bearer token stays in structured request data instead of query strings. Keep the server, web client, and transport helpers aligned so the ACP/RCS handshake remains compatible after the API shape change.

Constraint: token must not be embedded in the URL
Rejected: token-as-uuid query fallback | leaked bearer tokens in URLs
Confidence: high
Scope-risk: moderate
Directive: preserve the structured auth path; do not reintroduce query-token fallback when adjusting ACP transport code
Tested: targeted ACP/RCS transport tests
Not-tested: unrelated pre-existing ACP/CORS/token fallback residual risks

* fix: normalize WebFetch request headers

Normalize WebFetch headers before dispatch so canonicalization preserves auth semantics and duplicate forms do not slip through. Keep the behavior locked with a focused header test instead of broadening the request pipeline.

Constraint: preserve header semantics without widening the fetch surface
Rejected: ad hoc caller-side normalization | too easy to bypass in future call sites
Confidence: high
Scope-risk: narrow
Directive: keep header normalization close to the WebFetch utility so future callers inherit the same behavior automatically
Tested: targeted WebFetch header tests
Not-tested: unrelated fetch backend behavior beyond header normalization

* fix: harden ACP remote auth surfaces

Tighten the remaining Claude security artifact items by requiring API keys on ACP global reads and relay upgrades, moving WebSocket tokens out of URLs, and replacing open web CORS with an explicit allowlist.

Constraint: Browser WebSocket clients cannot set arbitrary Authorization headers, so the token is carried in a selected subprotocol instead of a query string.
Rejected: Keep UUID auth for ACP channel groups | any caller can mint a UUID and read global ACP data.
Rejected: Preserve ?token= compatibility | secrets leak into logs, history, referrers, and intermediaries.
Confidence: high
Scope-risk: moderate
Directive: Do not reintroduce query-string bearer tokens; use Authorization or rcs.auth.<base64url-token>.
Tested: bunx tsc --noEmit --pretty false
Tested: bun run typecheck in packages/remote-control-server
Tested: bun run build in packages/acp-link
Tested: bun run lint
Tested: bun audit
Tested: focused RCS/acp-link/web tests, 160 pass
Tested: Edge headless browser WebSocket subprotocol handshake
Tested: bun run test:all, 3669 pass
Tested: bun run build:vite
Tested: bun run build
Not-tested: Manual end-to-end relay with a live external ACP agent

* fix: resolve CI dependency override lookup

The CI runner does not expose @grpc/proto-loader as a root-resolvable package, and the test was relying on local hoisting rather than the real dependency owner. Resolve proto-loader through @opentelemetry/exporter-trace-otlp-grpc and @grpc/grpc-js so the smoke test follows the package graph it is validating.

Constraint: Do not add a new root dependency for a transitive smoke test.

Rejected: Skip or weaken the test | the test protects the protobuf 7 override path and should keep exercising loadSync.

Rejected: Add @grpc/proto-loader directly to root package.json | that hides the owning-package resolution issue and broadens dependency surface.

Confidence: high

Scope-risk: narrow

Directive: Dependency override smoke tests should resolve from the package that actually owns the dependency, not from incidental root hoisting.

Tested: bun test tests/integration/dependency-overrides.test.ts; bunx tsc --noEmit --pretty false; bun run lint; bun audit; bun run test:all; git diff --check

---------

Co-authored-by: unraid <local@unraid.local>
2026-04-26 19:49:54 +08:00

13 KiB
Raw Permalink Blame History

Remote Control Server 私有化部署指南

本指南说明如何将 Remote Control Server (RCS) 部署到私有环境,并通过 Claude Code CLI 连接使用。

架构概览

┌──────────────────┐                    ┌──────────────────────┐
│  Claude Code CLI  │ ◄── HTTP/SSE/WS ─►│  Remote Control      │
│  (Bridge Worker)  │     长轮询 + 心跳   │  Server (RCS)        │
└──────────────────┘                    │                      │
                                        │  ┌──────────────┐    │
┌──────────────────┐   HTTP/SSE        │  │ In-Memory    │    │
│  Web UI 控制面板  │ ◄─────────────── │  │ Store        │    │
│  (/code/*)       │                   │  └──────────────┘    │
│  (React + Vite)  │                   │  ┌──────────────┐    │
└──────────────────┘                   │  │ JWT Auth     │    │
                                       │  └──────────────┘    │
┌──────────────────┐                   │  ┌──────────────┐    │
│  acp-link        │ ◄── ACP Relay ─── │  │ ACP Handler  │    │
│  + ACP Agent     │     WebSocket      │  └──────────────┘    │
└──────────────────┘                   └──────────────────────┘

RCS 是一个纯内存的中间服务,它的职责是:

  • 接收 Claude Code CLI 的环境注册和工作轮询
  • 接收 acp-link 的 ACP agent 注册,支持 WebSocket relay 桥接
  • 提供 Web UI 供操作者远程监控和审批
  • 通过 WebSocket/SSE 双向传输消息
  • 管理会话、环境、权限请求
  • 提供 ACP SSE event stream 供外部消费者订阅 channel group 事件

前置条件

  • 一台可被 Claude Code CLI 和 Web 浏览器同时访问的服务器物理机、VM、容器均可
  • Docker
  • 启用 BRIDGE_MODE feature flag 的 Claude Code 构建

部署

构建 Docker 镜像

在项目根目录执行:

docker build -t rcs:latest -f packages/remote-control-server/Dockerfile .

启动容器

docker run -d \
  --name rcs \
  -p 3000:3000 \
  -e RCS_API_KEYS=sk-rcs-your-secret-key-here \
  -e RCS_BASE_URL=https://rcs.example.com \
  -v rcs-data:/app/data \
  --restart unless-stopped \
  rcs:latest

Docker Compose

version: "3.8"
services:
  rcs:
    build:
      context: .
      dockerfile: packages/remote-control-server/Dockerfile
      args:
        VERSION: "0.1.0"
    ports:
      - "3000:3000"
    environment:
      - RCS_API_KEYS=sk-rcs-your-secret-key-here
      - RCS_BASE_URL=https://rcs.example.com
    volumes:
      - rcs-data:/app/data
    restart: unless-stopped

volumes:
  rcs-data:

启动:

docker compose up -d

环境变量参考

服务器端

变量 必填 默认值 说明
RCS_API_KEYS (空) API 密钥列表,逗号分隔。用于客户端认证和 JWT 签名。务必设置强密钥
RCS_PORT 3000 服务监听端口
RCS_HOST 0.0.0.0 服务监听地址
RCS_BASE_URL http://localhost:3000 外部访问 URL。用于生成 WebSocket 连接地址,必须与客户端实际访问的地址一致
RCS_VERSION 0.1.0 版本号,显示在 /health 响应中
RCS_POLL_TIMEOUT 8 V1 工作轮询超时(秒)
RCS_HEARTBEAT_INTERVAL 20 心跳间隔(秒)
RCS_JWT_EXPIRES_IN 3600 JWT 令牌有效期(秒)
RCS_DISCONNECT_TIMEOUT 300 断线判定超时(秒)
RCS_WS_IDLE_TIMEOUT 30 WebSocket 空闲超时Bun 发送协议级 ping
RCS_WS_KEEPALIVE_INTERVAL 20 服务端→客户端 keep_alive 帧间隔(秒),防止反向代理关闭空闲连接

客户端Claude Code CLI

变量 必填 说明
CLAUDE_BRIDGE_BASE_URL RCS 服务器地址,例如 https://rcs.example.com。设置此变量即启用自托管模式,跳过 GrowthBook 门控
CLAUDE_BRIDGE_OAUTH_TOKEN 认证令牌,必须与服务器端 RCS_API_KEYS 中的某个值匹配
CLAUDE_BRIDGE_SESSION_INGRESS_URL WebSocket 入口地址(默认与 CLAUDE_BRIDGE_BASE_URL 相同)
CLAUDE_CODE_REMOTE 设为 1 时标记为远程执行模式

Claude Code 客户端连接

1. 设置环境变量

在运行 Claude Code 的机器上设置:

export CLAUDE_BRIDGE_BASE_URL="https://rcs.example.com"
export CLAUDE_BRIDGE_OAUTH_TOKEN="sk-rcs-your-secret-key-here"

2. 启动 Claude Code

# 使用 dev 模式BRIDGE_MODE 默认启用)
bun run dev

# 或使用构建产物
bun run dist/cli.js

3. 执行 /remote-control 命令

在 Claude Code 的 REPL 中输入:

/remote-control

环境型 Remote Control例如 claude remote-control 子命令)会向 RCS 注册环境,注册成功后在终端显示连接 URL

https://rcs.example.com/code?bridge=<environmentId>

交互式 REPL 方式(--remote-control/remote-control)在某些桥接模式下也可能直接给出会话 URL

https://rcs.example.com/code/session_<id>

两种 URL 都可以直接在浏览器打开并远程操控当前会话;只有 environment 模式才会出现在 Web UI 的环境列表中。

若已连接,再次执行 /remote-control 会显示对话框,包含以下选项:

  • Disconnect this session — 断开远程连接
  • Show QR code — 显示/隐藏二维码
  • Continue — 保持连接,继续使用

也可通过 CLI 参数直接启动:

claude remote-control
# 或简写
claude rc
# 或
claude bridge

Web UI 控制面板

通过 /remote-control 命令获取 URL 后,在浏览器打开即可使用。

技术栈v22026-04-18 重构)

Web UI 已从原生 JS 重构为 React + Vite + Radix UI

  • 框架: React 19 + Vite 构建TypeScript
  • UI 组件: Radix UI primitivesDialog、Tabs、Select、Popover 等)
  • 聊天组件: 完整的 ACP 聊天界面,支持 Plan 可视化、工具调用展示、权限审批
  • AI Elements: 独立的 AI 交互组件库message、reasoning、tool、code-block、prompt-input 等)
  • ACP 直连: 支持 QR 码扫描自动跳转 ACP 直连视图(ACPDirectView
  • 主题系统: 暗色/亮色主题切换,遵循 Impeccable 设计系统

功能

  • 查看已注册的运行环境environment 模式),区分 ACP Agent 和 Claude Code 类型
  • 创建和管理会话
  • 实时查看对话消息和工具调用
  • 查看 Autopilot 状态(standby / sleeping)和自动运行指示
  • 查看 authoritative task snapshots 驱动的 Tasks 面板
  • 审批 Claude Code 的工具权限请求
  • 权限模式选择器6 种模式:默认/自动接受编辑/跳过权限/规划/不询问/自动判断)
  • 模型选择器(可选可用模型)
  • Plan 可视化(进度条、状态图标、优先级标签)
  • ACP QR 扫描自动跳转到 ACP 聊天界面

Web UI 使用 UUID 认证(无需用户账户),适合受信任网络环境。

ACP 支持

RCS 支持 ACP (Agent Client Protocol) agent 通过 acp-link 包接入。

架构

acp-link ──REST注册──► RCS POST /v1/environments/bridge
acp-link ──WS identify──► RCS WebSocket (携带 agentId)
acp-link ◄──ACP relay──► RCS ◄──Web UI WS──► 浏览器

后端组件

文件 职责
src/routes/acp/index.ts ACP REST 路由agents 列表、channel groups、relay
src/transport/acp-ws-handler.ts ACP WebSocket 处理agent 注册、心跳、消息转发
src/transport/acp-relay-handler.ts 前端 WS → acp-link 透传 + EventBus inbound 转发
src/transport/acp-sse-writer.ts SSE event stream 供外部消费者订阅

ACP 的 agents、channel groups、relay 和 channel-group SSE 端点都要求有效 API key。浏览器 EventSource 不能发送 Authorization header外部订阅 /acp/channel-groups/:id/events 时需要使用 fetch + ReadableStream 并带 Authorization: Bearer <api-key>

acp-link 连接

详见 acp-link 文档

# 在 RCS 环境中启动 acp-link
# 注意claude 本身不支持 ACP需要用 ccb-bun --acp
ACP_RCS_URL=http://localhost:3000 \
ACP_RCS_TOKEN=sk-rcs-your-key \
acp-link ccb-bun -- --acp

ACP session 在 Web UI 中显示品牌色标签,与普通 Claude Code session 区分。

工作流程详解

┌──────────────────────────────────────────────────────────┐
│                    完整工作流程                            │
└──────────────────────────────────────────────────────────┘

 1. Claude Code CLI 启动,设置环境变量指向自托管 RCS

 2. 用户执行 /remote-control 命令

 3. 注册环境
    CLI ──POST /v1/environments/bridge──► RCS
    CLI ◄── { environment_id, environment_secret } ── RCS

 4. 终端显示连接 URL
    https://rcs.example.com/code?bridge=<environmentId>

 5. 开始工作轮询(循环)
    CLI ──GET /v1/environments/:id/work/poll──► RCS
         (长轮询,等待任务分配,超时 8 秒后重试)

 6. 浏览器打开 URL → Web UI 创建任务
    Browser ──POST /web/sessions──► RCS
    RCS 分配 work 给正在轮询的 CLI

 7. CLI 收到任务并确认
    CLI ◄── { id, data: { type, sessionId } } ── RCS
    CLI ──POST /v1/environments/:id/work/:workId/ack──► RCS

 8. 建立会话连接
    CLI ──WebSocket /v1/session_ingress──► RCS
         (或使用 V2 的 SSE + HTTP POST

 9. 双向通信
    CLI ──消息/工具调用结果──► RCS ──► Browser
    CLI ◄──权限审批/指令───── RCS ◄──── Browser
    CLI ──automation_state / task_state──► RCS ──► Browser

10. 心跳保活(每 20 秒)
    CLI ──POST /v1/environments/:id/work/:workId/heartbeat──► RCS

11. 任务完成 → 归档会话 → 注销环境

故障排查

Web UI 看不到当前 Autopilot 状态

  • standbyproactive 已开启,正在等待下一个 tick
  • sleeping:模型正在 SleepTool 等待窗口中

这两个状态通过 worker external_metadata.automation_state 上报。如果页面只显示普通 working spinner优先检查 CLI 和 RCS 之间的 worker metadata PUT 是否成功。

CLI 无法连接

Error: Remote Control is not available in this build.

原因BRIDGE_MODE feature flag 未启用。

解决:使用 dev 模式(默认启用)或确保构建时包含 BRIDGE_MODE flag。

认证失败 (401)

Error: Unauthorized

检查项

  1. CLAUDE_BRIDGE_OAUTH_TOKEN 是否与 RCS_API_KEYS 中的值匹配
  2. API Key 是否包含多余的空格或换行
  3. 两个环境变量是否都已正确设置

WebSocket 连接中断

检查项

  1. 如果使用反向代理,确认已正确配置 WebSocket 升级(Upgrade / Connection 头)
  2. 代理的 proxy_read_timeout 是否足够大(建议 86400 秒)
  3. 网络防火墙是否允许 WebSocket 流量

健康检查

curl https://rcs.example.com/health
# 预期: {"status":"ok","version":"0.1.0"}

限制与注意事项

项目 说明
存储 纯内存存储Map服务器重启后所有会话和环境数据丢失
扩展 不支持水平扩展(无共享状态),单实例部署
并发 适合中小规模使用,大量并发会话可能需要性能调优
数据持久化 /app/data 卷已预留但当前未使用,未来可能用于持久化
Web UI 认证 基于 UUID无用户账户系统适合受信任网络环境

与云端模式对比

特性 云端 (Anthropic CCR) 自托管 (RCS)
认证方式 claude.ai OAuth 订阅 API Key
GrowthBook 门控 需要 tengu_ccr_bridge 通过 自动跳过
功能标志 需要 BRIDGE_MODE=1 同样需要
部署位置 Anthropic 云端 用户自有服务器
数据流经 Anthropic 基础设施 用户私有网络
依赖 claude.ai 订阅 + OAuth 仅需 API Key

自托管模式的核心优势是:设置 CLAUDE_BRIDGE_BASE_URL 后,代码自动调用 isSelfHostedBridge() 返回 true,跳过所有 GrowthBook 和订阅检查,无需 claude.ai 账户即可使用。

Reference in New Issue View Git Blame Copy Permalink