@oneciel-ai/claude-any 0.1.106 → 0.1.107

package/README.md

@@ -26,6 +26,22 @@
 
 ## Today's Top 3 Benefits
 
+### 2026-06-11
+
+1. **OpenRouter provider** — [OpenRouter](https://openrouter.ai/) is a first-class
+   OpenAI-compatible provider with full feature parity (model discovery,
+   provider-options, status, help), defaulting to the free
+   `nvidia/nemotron-3-ultra-550b-a55b:free` model.
+2. **Per-key cooldown for multi-key rotation** — when one key in a multi-key pool
+   hits a 429, Claude Any rests it until its rate limit resets (from
+   `X-RateLimit-Reset`/`Retry-After`) and keeps serving from the remaining keys,
+   then rejoins it automatically. Ideal for OpenRouter `:free` per-key limits.
+3. **Faithful Anthropic native behavior** — routed Anthropic no longer overrides
+   Claude Code's native per-model output cap (e.g. Fable 5 keeps its 64k default
+   instead of a forced 4096), `/model` switching reaches the chosen model instead
+   of collapsing to the menu model, and the `?beta=true` flag is forwarded so
+   long-context (1M) requests are billed correctly.
+
 ### 2026-06-05
 
 1. **Windows-aware install paths** — Claude Any now uses `%APPDATA%\claude-any`
@@ -105,7 +121,7 @@ Ollama Cloud (glm-5.1) streamed through the claude-any router with SSE word-boun
 
 Claude Any is a provider selector and compatibility launcher for Claude Code.
 It lets you choose Anthropic, Ollama, Ollama Cloud, DeepSeek.com, OpenCode Zen,
-OpenCode Go, LM Studio,
+OpenCode Go, OpenRouter, LM Studio,
 vLLM, NVIDIA hosted models, or self-hosted NIM before Claude Code starts, then
 passes normal Claude Code arguments through unchanged.
 
@@ -224,6 +240,19 @@ For OpenCode Go:
 claude-any --ca-provider opencode-go --ca-base-url https://opencode.ai/zen/go --ca-model qwen3.6-plus --ca-api-key-env OPENCODE_GO_API_KEY --ca-provider-option endpoint:custom-model=chat --ca-no-launch
 ```
 
+For [OpenRouter](https://openrouter.ai/) (OpenAI-compatible; access to hundreds of
+models through one key). The default model is the free
+`nvidia/nemotron-3-ultra-550b-a55b:free`; pick any slug from OpenRouter's catalog:
+
+```sh
+claude-any --ca-provider openrouter --ca-model nvidia/nemotron-3-ultra-550b-a55b:free --ca-api-key-env OPENROUTER_API_KEY --ca-no-launch
+```
+
+OpenRouter free (`:free`) models are rate-limited per key (e.g. 20 requests/min),
+so this is a natural fit for multi-key round-robin (below): store several keys and
+Claude Any spreads requests across them and rests any key that hits a 429 until
+its rate limit resets.
+
 `--ca-provider-option KEY=VALUE` applies a provider option to the current
 provider; use `--ca-set-provider-option PROVIDER KEY=VALUE` when a script needs
 to configure a provider other than the current one. OpenCode endpoint overrides
@@ -368,14 +397,23 @@ passthrough arguments are all configurable without opening the menu. API keys
 can be passed directly with `--ca-api-key`, but `--ca-api-key-env` is safer for
 scripts because the secret does not appear in shell history.
 
-For high-token routed sessions such as ultracode, store multiple keys for the
-same provider and Claude Any will rotate them per upstream request:
+For high-token routed sessions such as ultracode, or for rate-limited free models
+like OpenRouter `:free`, store multiple keys for the same provider and Claude Any
+will rotate them per upstream request:
 
 ```sh
-export OPENCODE_API_KEYS="KEY1,KEY2,KEY3"
-claude-any --ca-provider opencode --ca-api-keys-env OPENCODE_API_KEYS --ca-no-launch
+export OPENROUTER_API_KEYS="KEY1,KEY2,KEY3,KEY4"
+claude-any --ca-provider openrouter --ca-api-keys-env OPENROUTER_API_KEYS --ca-no-launch
+# or directly: claude-any set-api-keys openrouter KEY1,KEY2,KEY3,KEY4
 ```
 
+Rotation is round-robin **with per-key cooldown**: if one key returns a 429, that
+key rests until its rate limit resets — Claude Any reads the reset time from the
+response (`X-RateLimit-Reset`, falling back to `Retry-After`), skips the resting
+key, and keeps serving from the remaining keys; the key automatically rejoins the
+rotation once its cooldown expires. A key that exhausts a daily quota rests until
+the quota refreshes rather than retrying every hour.
+
 This distributes provider quota/rate usage across keys; it does not reduce the
 task's actual token consumption. The menu also accepts comma/newline-separated
 keys in the API-key input paths and shows a masked primary key plus a short

package/claude-any-tool-guard.py

@@ -524,7 +524,9 @@ def handle_stop(event: dict[str, Any]) -> int:
         return 0
     session_id = str(event.get("session_id") or "")
     transcript_path = str(event.get("transcript_path") or "")
-    if active():
+    # Also run the plan-idle block for bypass-only (anthropic-routed) sessions:
+    # the plan auto-exit guarantee must hold regardless of provider.
+    if active() or bypass_permissions_enabled():
         should_block, reason = should_block_plan_stop(transcript_path)
         if should_block:
             out = {"decision": "block", "reason": reason, "suppressOutput": True}
@@ -638,6 +640,11 @@ def handle_pre_tool(event: dict[str, Any]) -> None:
         return
 
     if tool in {"EnterPlanMode", "ExitPlanMode"}:
+        # Under bypass, always auto-allow ExitPlanMode before any transcript-based
+        # stale check -- the session must escape plan mode without a human, and a
+        # truncated transcript must not be able to deny the exit.
+        if tool == "ExitPlanMode" and handle_plan_exit_pre_tool(event):
+            return
         transcript_path = str(event.get("transcript_path") or "")
         if transcript_path:
             in_plan_mode = transcript_plan_mode_active(transcript_path)
@@ -721,6 +728,32 @@ def handle_post_failure(event: dict[str, Any]) -> None:
         post_failure_context(hint)
 
 
+def handle_plan_exit_pre_tool(event: dict[str, Any]) -> bool:
+    """Auto-allow ExitPlanMode on PreToolUse for a bypass session.
+
+    PermissionRequest hooks do not fire in headless ``-p`` mode, so the
+    PermissionRequest-based auto-allow (handle_permission_request) never runs
+    there and a bypass session would deadlock at plan approval. PreToolUse fires
+    in every mode, so allowing ExitPlanMode here covers headless and interactive
+    sessions alike. We do NOT consult the transcript: a long plan-mode session
+    can push the EnterPlanMode marker out of the 240-line read window, which
+    would make a stale-detection check wrongly deny the very ExitPlanMode the
+    session needs to escape. Under bypass, exiting plan mode is always safe to
+    allow.
+    """
+    if not bypass_permissions_enabled():
+        return False
+    raw = event.get("tool_input")
+    updated = raw if isinstance(raw, dict) else {}
+    log_event("PreToolUse auto-allowed ExitPlanMode under bypass permissions")
+    pre_allow(
+        updated,
+        "ExitPlanMode auto-allowed because claude-any launched with bypass permissions.",
+        "Bypass session must not stall on plan approval; exiting plan mode and continuing.",
+    )
+    return True
+
+
 def handle_permission_request(event: dict[str, Any]) -> bool:
     tool = event_tool_name(event)
     if tool != "ExitPlanMode":
@@ -807,19 +840,34 @@ def main() -> int:
         return 0
     name = str(event.get("hook_event_name") or "")
     provider = os.environ.get("CLAUDE_ANY_PROVIDER", "").strip()
-    is_active = active()
+    # Stay active for any session Claude Any launched with bypass permissions,
+    # even when the provider is "anthropic" (anthropic-routed mode), which is
+    # NOT in NON_NATIVE_PROVIDERS. Such a session runs --permission-mode
+    # bypassPermissions and must never stall on a human plan-approval decision,
+    # so the guard's plan auto-exit has to run for it. CLAUDE_ANY_BYPASS_PERMISSIONS
+    # is set only on Claude-Any-launched sessions (it is popped for direct-native
+    # launches), so this never re-activates the guard for a plain native session.
+    provider_active = active()
+    bypass_active = bypass_permissions_enabled()
+    is_active = provider_active or bypass_active
     if not is_active:
         if provider:
             log_event(f"inactive provider={provider}")
         return 0
 
-    # Claude Any hooks are installed in Claude Code's global settings, so they
-    # must be silent for native Claude sessions. Only alter worktree, stop, and
-    # tool behavior when Claude Any launched the process with an active provider.
+    # Bypass-only activation (anthropic-routed: provider not in NON_NATIVE_PROVIDERS
+    # but launched with bypassPermissions). Here the guard's ONLY job is to keep
+    # the autonomous session from stalling on plan approval. It must NOT normalize
+    # or deny other tool calls -- a native Anthropic model emits correct schemas,
+    # and rewriting its tool input would be a regression. So when only bypass is
+    # active, we handle plan auto-exit (Stop idle-block, ExitPlanMode auto-allow on
+    # both PermissionRequest and PreToolUse) and otherwise stay silent.
+    plan_only = bypass_active and not provider_active
+
     if name == "WorktreeCreate":
-        return handle_worktree_create(event)
+        return 0 if plan_only else handle_worktree_create(event)
     if name == "WorktreeRemove":
-        return handle_worktree_remove(event)
+        return 0 if plan_only else handle_worktree_remove(event)
     if name in {"Stop", "SubagentStop"}:
         return handle_stop(event)
     if name == "PermissionRequest":
@@ -843,6 +891,12 @@ def main() -> int:
         raw = event.get("tool_input")
         keys = list(raw.keys()) if isinstance(raw, dict) else []
         log_event(f"PreToolUse seen provider={provider} tool={tool} keys={keys}")
+        if plan_only:
+            # Native model under bypass: only auto-allow ExitPlanMode, never
+            # touch other tool input.
+            if tool == "ExitPlanMode":
+                handle_plan_exit_pre_tool(event)
+            return 0
         handle_pre_tool(event)
     elif name == "PostToolUseFailure":
         handle_post_failure(event)