Anthropic API proxy with OAuth credential rotation and Claude Code fingerprinting

Sniffs a real Claude Code request on startup to capture exact HTTP headers,
then replays them for all proxied requests. Injects the billing header with
per-request SHA256 fingerprint into the system prompt. Uses utls with Chrome
TLS fingerprint to pass Cloudflare's bot detection on api.anthropic.com.

Supports both streaming (SSE) and non-streaming modes, round-robin credential
selection with automatic failover, and loading OAuth tokens from both
cli-proxy-api auth files and native ~/.claude/.credentials.json.

main.go

@@ -0,0 +1,60 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"os"
+	"time"
+
+	"github.com/fujin/anthropic-proxy/internal/auth"
+	"github.com/fujin/anthropic-proxy/internal/config"
+	"github.com/fujin/anthropic-proxy/internal/proxy"
+	"github.com/fujin/anthropic-proxy/internal/server"
+)
+
+func run() error {
+	log.SetFlags(log.LstdFlags)
+
+	cfg, err := config.Load("config.yaml")
+	if err != nil {
+		return fmt.Errorf("load config: %w", err)
+	}
+
+	creds, err := config.LoadCredentials(cfg)
+	if err != nil {
+		return fmt.Errorf("load credentials: %w", err)
+	}
+
+	if len(creds) == 0 {
+		return fmt.Errorf("no credentials found")
+	}
+
+	log.Printf("loaded %d credentials", len(creds))
+
+	pool := auth.NewPool(creds)
+
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	defer cancel()
+	pool.RefreshExpiring(ctx)
+
+	var profile *proxy.SniffedProfile
+	if cfg.ClaudeBinary != "" {
+		log.Printf("sniffing claude-code at %s...", cfg.ClaudeBinary)
+		profile, err = proxy.SniffClaudeCode(cfg.ClaudeBinary)
+		if err != nil {
+			log.Printf("warning: sniff failed, using defaults: %v", err)
+		}
+	}
+
+	log.Printf("starting server on port %d", cfg.Port)
+	srv := server.New(cfg, pool, profile)
+	return srv.Start()
+}
+
+func main() {
+	if err := run(); err != nil {
+		log.Printf("error: %v", err)
+		os.Exit(1)
+	}
+}