Fixes, readme

Drop cli-proxy-api token handling, use only native Claude credentials.
Simplify refresh to single endpoint (platform.claude.com) with scope.
Add debug/refresh and debug/shutdown endpoints. Graceful shutdown.

internal/config/config.go

@@ -4,7 +4,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"path/filepath"
 	"time"
 
 	"github.com/fujin/anthropic-proxy/internal/auth"
@@ -12,18 +11,17 @@ import (
 )
 
 type Config struct {
-	Port              int             `yaml:"port"`
-	APIKeys           []string        `yaml:"api_keys"`
-	AuthDir           string          `yaml:"auth_dir"`
-	ClaudeCredentials string          `yaml:"claude_credentials"`
-	ClaudeBinary      string          `yaml:"claude_binary"`
-	Sanitize          SanitizeConfig  `yaml:"sanitize"`
+	Port              int            `yaml:"port"`
+	APIKeys           []string       `yaml:"api_keys"`
+	ClaudeCredentials string         `yaml:"claude_credentials"`
+	ClaudeBinary      string         `yaml:"claude_binary"`
+	Sanitize          SanitizeConfig `yaml:"sanitize"`
 }
 
 type SanitizeConfig struct {
-	Tools   []RenameRule  `yaml:"tools"`
-	System  []ReplaceRule `yaml:"system"`
-	Body    []ReplaceRule `yaml:"body"`
+	Tools  []RenameRule  `yaml:"tools"`
+	System []ReplaceRule `yaml:"system"`
+	Body   []ReplaceRule `yaml:"body"`
 }
 
 type RenameRule struct {
@@ -36,14 +34,6 @@ type ReplaceRule struct {
 	Replace string `yaml:"replace"`
 }
 
-type authFileJSON struct {
-	AccessToken  string `json:"access_token"`
-	RefreshToken string `json:"refresh_token"`
-	Email        string `json:"email"`
-	Expired      string `json:"expired"`
-	Type         string `json:"type"`
-}
-
 type claudeCredentialsJSON struct {
 	ClaudeAiOauth struct {
 		AccessToken      string `json:"accessToken"`
@@ -68,28 +58,19 @@ func Load(path string) (*Config, error) {
 }
 
 func LoadCredentials(cfg *Config) ([]*auth.Credential, error) {
-	var creds []*auth.Credential
-
-	if cfg.ClaudeCredentials != "" {
-		cred, err := loadClaudeCredentials(cfg.ClaudeCredentials)
-		if err != nil {
-			return nil, fmt.Errorf("load claude credentials: %w", err)
-		}
-		creds = append(creds, cred)
+	if cfg.ClaudeCredentials == "" {
+		return nil, fmt.Errorf("claude_credentials not set")
 	}
 
-	if cfg.AuthDir != "" {
-		dirCreds, err := loadAuthDir(cfg.AuthDir)
-		if err != nil {
-			return nil, fmt.Errorf("load auth dir: %w", err)
-		}
-		creds = append(creds, dirCreds...)
+	cred, err := loadCredentials(cfg.ClaudeCredentials)
+	if err != nil {
+		return nil, err
 	}
 
-	return creds, nil
+	return []*auth.Credential{cred}, nil
 }
 
-func loadClaudeCredentials(path string) (*auth.Credential, error) {
+func loadCredentials(path string) (*auth.Credential, error) {
 	data, err := os.ReadFile(path)
 	if err != nil {
 		return nil, err
@@ -114,51 +95,3 @@ func loadClaudeCredentials(path string) (*auth.Credential, error) {
 		FilePath:     path,
 	}, nil
 }
-
-func loadAuthDir(authDir string) ([]*auth.Credential, error) {
-	pattern := filepath.Join(authDir, "*.json")
-	files, err := filepath.Glob(pattern)
-	if err != nil {
-		return nil, fmt.Errorf("glob auth files: %w", err)
-	}
-
-	var creds []*auth.Credential
-	for _, f := range files {
-		cred, err := loadAuthFile(f)
-		if err != nil {
-			return nil, fmt.Errorf("load auth file %s: %w", f, err)
-		}
-		creds = append(creds, cred)
-	}
-
-	return creds, nil
-}
-
-func loadAuthFile(path string) (*auth.Credential, error) {
-	data, err := os.ReadFile(path)
-	if err != nil {
-		return nil, err
-	}
-
-	var af authFileJSON
-	if err := json.Unmarshal(data, &af); err != nil {
-		return nil, err
-	}
-
-	expiresAt, err := time.Parse(time.RFC3339, af.Expired)
-	if err != nil {
-		expiresAt, err = time.Parse("2006-01-02T15:04:05", af.Expired)
-		if err != nil {
-			expiresAt = time.Now()
-		}
-	}
-
-	return &auth.Credential{
-		ID:           filepath.Base(path),
-		Email:        af.Email,
-		AccessToken:  af.AccessToken,
-		RefreshToken: af.RefreshToken,
-		ExpiresAt:    expiresAt,
-		FilePath:     path,
-	}, nil
-}