T

Alexander 859640d814 feat(embedded): add Perses + VictoriaMetrics subprocess management with auto-download

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/claude-agent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

2026-04-14 21:56:32 +02:00

docs

docs: add metrics reference

2026-04-14 17:54:32 +02:00

examples/grafana

Grafana dashboard example

2026-04-14 20:42:46 +02:00

internal

feat(embedded): add Perses + VictoriaMetrics subprocess management with auto-download

2026-04-14 21:56:32 +02:00

.envrc

Anthropic API proxy with OAuth credential rotation and Claude Code fingerprinting

2026-04-09 21:05:32 +02:00

.gitignore

Add telemetry

2026-04-14 10:31:56 +02:00

config.example.yaml

Add telemetry

2026-04-14 10:31:56 +02:00

flake.lock

Update flake deps

2026-04-10 14:33:11 +02:00

flake.nix

Add telemetry

2026-04-14 10:31:56 +02:00

go.mod

feat(telemetry): add Prometheus exporter for embedded metrics scraping

2026-04-14 21:56:32 +02:00

go.sum

feat(telemetry): add Prometheus exporter for embedded metrics scraping

2026-04-14 21:56:32 +02:00

main.go

feat(ratelimit): track per-window token usage and utilization

2026-04-14 12:51:31 +02:00

package.nix

Add telemetry

2026-04-14 10:31:56 +02:00

README.md

docs: rewrite README to cover all proxy features

2026-04-14 13:17:54 +02:00

README.md

anthropic-proxy

Reverse proxy for the Anthropic Messages API that authenticates with a Claude subscription (OAuth) instead of an API key. Lets you use tools like OpenCode through your existing Claude Pro/Team plan.

How it works

Clients send standard Anthropic API requests to the proxy. The proxy authenticates upstream using OAuth credentials from your Claude subscription, forwards the request, and streams the response back. Requests are optionally sanitized (tool name remapping, string replacement) before forwarding and de-sanitized on return.

Features

OAuth credential management — reuses ~/.claude/.credentials.json, auto-refreshes tokens
Request sanitization — rename tools, replace strings in system prompts and body (configurable, hot-reloadable)
Rate limit tracking — polls Anthropic usage API and reads response headers to track 5h/7d utilization windows
OpenTelemetry metrics — request counts, latency, token usage, errors (optional OTLP export)
Structured logging — zerolog with file rotation via lumberjack

Quick start

cp config.example.yaml config.yaml
# edit config.yaml — set api_keys and optionally claude_binary

go build -o anthropic-proxy .
./anthropic-proxy

On first run, if no credentials exist at ~/.claude/.credentials.json, an OAuth login flow starts in your browser. If running headlessly, the authorization URL is printed to stdout. If you've already logged in with Claude Code CLI, the proxy reuses those credentials.

Nix

nix develop   # dev shell with Go
nix build     # build the binary

Client configuration

Point any Anthropic-compatible client at the proxy:

export ANTHROPIC_API_KEY=your-proxy-api-key
export ANTHROPIC_BASE_URL=http://localhost:8082

Endpoints

Method	Path	Description
POST	`/v1/messages`	Anthropic Messages API (proxied)
POST	`/messages`	Same, without `/v1` prefix
GET	`/healthz`	Health check
POST	`/reload`	Hot-reload config (sanitize rules + API keys)

Configuration

See config.example.yaml for all options. Key sections:

api_keys — keys clients use to authenticate with the proxy
sanitize — tool renames, system prompt replacements, body replacements
telemetry — OTLP endpoint, service name, auth headers
logging — level, file path, rotation settings
claude_binary — path to claude CLI for request fingerprinting (optional)