anthropic-proxy/README.md

# anthropic-proxy

Reverse proxy that lets OpenCode (and similar tools) use a Claude subscription instead of an API key.

## Prerequisites

- Go 1.26+

Optional: [Nix](https://nixos.org/) flake for dev shell (`nix develop`).

## Setup

```
cp config.example.yaml config.yaml
```

Edit `config.yaml`:
- `api_keys` — key(s) your clients use to authenticate with the proxy
- `claude_binary` — optional path to `claude` binary (used for request fingerprinting via sniff only)

## Authentication

On first run, if no credentials are found at `~/.claude/.credentials.json`, the proxy starts an OAuth login flow in your browser. Credentials are stored at `~/.claude/.credentials.json` (the same file Claude Code CLI uses). On subsequent runs, existing credentials are reused and refreshed automatically.

If running headlessly (SSH/server), the authorization URL is printed to stdout and you can paste the authorization code manually.

If you've already logged in with Claude Code CLI, the proxy will use the same credentials.

## Build and run

```
go build -o anthropic-proxy .
./anthropic-proxy
```

## Usage with OpenCode

```
export ANTHROPIC_API_KEY=your-proxy-api-key
export ANTHROPIC_BASE_URL=http://localhost:8082
opencode
```

## Endpoints

| Method | Path | Description |
|--------|------|-------------|
| POST | `/v1/messages` | Anthropic messages API (proxied) |
| POST | `/messages` | Same, without `/v1` prefix |
| GET | `/healthz` | Health check |
| POST | `/reload` | Hot-reload `config.yaml` |

## Request sanitization

The `sanitize` section in config renames tool names and replaces strings in system prompts before forwarding to Anthropic. Responses are de-sanitized before returning to the client.

See `config.example.yaml` for the default rules.

Reload after editing config:

```
curl -X POST localhost:8082/reload
```