fix: third-party API user_id validation error (DeepSeek, etc.)

[Simple6K]

When ANTHROPIC_BASE_URL points to a non-Anthropic endpoint (e.g. DeepSeek), the JSON-formatted user_id containing {, ", : characters fails validation against ^[a-zA-Z0-9_-]+$. Send only the hex device_id for third-party providers. 就是跳过用户id的输入。

---

^{Need help on this PR? Tag @codesmith with what you need.}

• Let Codesmith autofix CI failures and bot reviews

Summary by CodeRabbit

• Refactor
  • Optimized API metadata assembly logic to conditionally structure payload information based on usage context, improving efficiency without affecting user-facing functionality.

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
ccb-863780bf	🟢 Ready	View Preview	May 6, 2026, 9:53 AM

💡 Tip: Enable Workflows to automatically generate PRs for you.

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR refactors API metadata assembly in getAPIMetadata() to conditionally build payloads: minimal user_id for third-party base URLs, richer metadata (device_id, account_uuid, session_id) for first-party usage. Detection is based on inspecting ANTHROPIC_BASE_URL environment variable and computing device ID via getOrCreateUserID().

Changes

Provider-Aware API Metadata Assembly

Layer / File(s)	Summary
Provider Detection & Payload Assembly src/services/api/claude.ts	getAPIMetadata() now detects third-party vs. first-party base URLs via ANTHROPIC_BASE_URL, computes device ID with getOrCreateUserID(), and returns either minimal { user_id: deviceId } for third-party or enriched { device_id, account_uuid, session_id } for first-party.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 Whiskers twitch with metadata cheer,
Third-party gets a slim ID here,
But first-party gets the richer fare,
With account and session, oh so rare!
One function, two paths, logic so clear. ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly identifies the main problem (third-party API user_id validation error) and provides a specific example (DeepSeek), directly matching the core change of handling user_id differently for third-party endpoints.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/third-party-api-user-id

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

❌ Patch coverage is 0% with 21 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
src/services/api/claude.ts	0.00%	21 Missing ⚠️

📢 Thoughts on this report? Let us know!

[coderabbitai]

🧹 Nitpick comments (1)

src/services/api/claude.ts (1)

517-526: ⚡ Quick win

Use the shared first-party URL helper to avoid drift

Line 517-Line 526 reimplements first-party detection with a host literal, while this file already uses isFirstPartyAnthropicBaseUrl() (Line 1922). Reusing the shared helper keeps metadata and header behavior aligned.

♻️ Proposed refactor

-  const baseUrl = process.env.ANTHROPIC_BASE_URL
-  const isThirdParty =
-    baseUrl &&
-    (() => {
-      try {
-        return new URL(baseUrl).host !== 'api.anthropic.com'
-      } catch {
-        return false
-      }
-    })()
+  const isThirdParty =
+    Boolean(process.env.ANTHROPIC_BASE_URL) &&
+    !isFirstPartyAnthropicBaseUrl()

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/services/api/claude.ts` around lines 517 - 526, The function currently
computes isThirdParty by parsing process.env.ANTHROPIC_BASE_URL and comparing
host against 'api.anthropic.com' (using local logic with baseUrl and
isThirdParty); replace that local first-party detection with a call to the
shared helper isFirstPartyAnthropicBaseUrl() (invert its result to get
isThirdParty) so the file uses the same canonical first-party logic as elsewhere
(e.g., the usage at isFirstPartyAnthropicBaseUrl() on line ~1922), ensuring
metadata and header behavior remain consistent; update any references to
baseUrl/isThirdParty to rely on the helper's result.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/services/api/claude.ts`:
- Around line 517-526: The function currently computes isThirdParty by parsing
process.env.ANTHROPIC_BASE_URL and comparing host against 'api.anthropic.com'
(using local logic with baseUrl and isThirdParty); replace that local
first-party detection with a call to the shared helper
isFirstPartyAnthropicBaseUrl() (invert its result to get isThirdParty) so the
file uses the same canonical first-party logic as elsewhere (e.g., the usage at
isFirstPartyAnthropicBaseUrl() on line ~1922), ensuring metadata and header
behavior remain consistent; update any references to baseUrl/isThirdParty to
rely on the helper's result.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 178e0d65-2d99-4940-b5ad-b2a2a0baf07a

📥 Commits

Reviewing files that changed from the base of the PR and between 5c107e5 and 941bcbd.

📒 Files selected for processing (1)

• src/services/api/claude.ts