Add request sanitizer, background token refresh, and OpenCode support

Sanitizer renames tool names and replaces system prompt patterns
that Anthropic fingerprints to detect non-Claude-Code clients.
Lowercase tool names (bash, read, glob, etc.) combined together
trigger rejection — renaming to PascalCase bypasses this.
Configurable via YAML sanitize rules for tools, system, and body.

Background OAuth token refresh every 30s with 5-minute pre-expiry
lead. Uses Chrome TLS fingerprint for refresh endpoint too.

Adds /messages route (without /v1 prefix) for OpenCode compat.

This commit is contained in:

Alexander

2026-04-09 22:52:43 +02:00

parent c4c1d4daa4

commit 909c8b1894

11 changed files with 428 additions and 89 deletions

									
										flake.nix
									
		+2
		
												View File
												
				@@ -35,6 +35,8 @@

				            curl

				            jq

				            claude-code

				            opencode

				            mitmproxy

				          ];

				          shellHook = ''