@vacbo/opencode-anthropic-fix 0.1.3 → 0.1.5

package/src/backoff.test.ts

@@ -2,6 +2,7 @@ import { describe, expect, it } from "vitest";
 import {
   calculateBackoffMs,
   isAccountSpecificError,
+  isRetriableNetworkError,
   parseRateLimitReason,
   parseRetryAfterHeader,
   parseRetryAfterMsHeader,
@@ -235,6 +236,30 @@ describe("parseRateLimitReason", () => {
   });
 });
 
+// ---------------------------------------------------------------------------
+// isRetriableNetworkError
+// ---------------------------------------------------------------------------
+
+describe("isRetriableNetworkError", () => {
+  it("returns true for retryable connection reset codes", () => {
+    const error = Object.assign(new Error("socket died"), {
+      code: "ECONNRESET",
+    });
+
+    expect(isRetriableNetworkError(error)).toBe(true);
+  });
+
+  it("returns true for Bun proxy upstream reset messages", () => {
+    expect(isRetriableNetworkError(new Error("Bun proxy upstream error: Connection reset by server"))).toBe(true);
+  });
+
+  it("returns false for user abort errors", () => {
+    const error = new DOMException("The operation was aborted", "AbortError");
+
+    expect(isRetriableNetworkError(error)).toBe(false);
+  });
+});
+
 // ---------------------------------------------------------------------------
 // calculateBackoffMs
 // ---------------------------------------------------------------------------

package/src/backoff.ts

@@ -4,6 +4,26 @@ const QUOTA_EXHAUSTED_BACKOFFS = [60_000, 300_000, 1_800_000, 7_200_000];
 const AUTH_FAILED_BACKOFF = 5_000;
 const RATE_LIMIT_EXCEEDED_BACKOFF = 30_000;
 const MIN_BACKOFF_MS = 2_000;
+const RETRIABLE_NETWORK_ERROR_CODES = new Set(["ECONNRESET", "ECONNREFUSED", "EPIPE", "ETIMEDOUT", "UND_ERR_SOCKET"]);
+const NON_RETRIABLE_ERROR_NAMES = new Set(["AbortError", "TimeoutError", "APIUserAbortError"]);
+const RETRIABLE_NETWORK_ERROR_MESSAGES = [
+  "bun proxy upstream error",
+  "connection reset by peer",
+  "connection reset by server",
+  "econnreset",
+  "econnrefused",
+  "epipe",
+  "etimedout",
+  "fetch failed",
+  "network connection lost",
+  "socket hang up",
+  "und_err_socket",
+];
+
+interface ErrorWithCode extends Error {
+  code?: string;
+  cause?: unknown;
+}
 
 /**
  * Parse the Retry-After header from a response.
@@ -132,6 +152,69 @@ function bodyHasAccountError(body: string | object | null | undefined): boolean
   );
 }
 
+function collectErrorChain(error: unknown): ErrorWithCode[] {
+  const queue: unknown[] = [error];
+  const visited = new Set<unknown>();
+  const chain: ErrorWithCode[] = [];
+
+  while (queue.length > 0) {
+    const candidate = queue.shift();
+    if (candidate == null || visited.has(candidate)) {
+      continue;
+    }
+
+    visited.add(candidate);
+
+    if (candidate instanceof Error) {
+      const typedCandidate = candidate as ErrorWithCode;
+      chain.push(typedCandidate);
+      if (typedCandidate.cause !== undefined) {
+        queue.push(typedCandidate.cause);
+      }
+      continue;
+    }
+
+    if (typeof candidate === "object" && "cause" in candidate) {
+      queue.push((candidate as { cause?: unknown }).cause);
+    }
+  }
+
+  return chain;
+}
+
+/**
+ * Check whether an error represents a transient transport/network failure.
+ */
+export function isRetriableNetworkError(error: unknown): boolean {
+  if (typeof error === "string") {
+    const text = error.toLowerCase();
+    return RETRIABLE_NETWORK_ERROR_MESSAGES.some((signal) => text.includes(signal));
+  }
+
+  const chain = collectErrorChain(error);
+  if (chain.length === 0) {
+    return false;
+  }
+
+  for (const candidate of chain) {
+    if (NON_RETRIABLE_ERROR_NAMES.has(candidate.name)) {
+      return false;
+    }
+
+    const code = candidate.code?.toUpperCase();
+    if (code && RETRIABLE_NETWORK_ERROR_CODES.has(code)) {
+      return true;
+    }
+
+    const message = candidate.message.toLowerCase();
+    if (RETRIABLE_NETWORK_ERROR_MESSAGES.some((signal) => message.includes(signal))) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
 /**
  * Check whether an HTTP response represents an account-specific error
  * that would benefit from switching to a different account.

package/src/bun-fetch.test.ts

@@ -2,6 +2,8 @@ import { afterEach, beforeEach, describe, expect, it, vi, type Mock } from "vite
 
 import { createDeferred, createDeferredQueue } from "./__tests__/helpers/deferred.js";
 import { createMockBunProxy } from "./__tests__/helpers/mock-bun-proxy.js";
+import type * as FsModule from "node:fs";
+import type * as BunFetchModule from "./bun-fetch.js";
 
 let execFileSyncMock: Mock;
 let spawnMock: Mock;
@@ -20,7 +22,7 @@ vi.mock("node:child_process", () => ({
 }));
 
 vi.mock("node:fs", async () => {
-  const actual = await vi.importActual<typeof import("node:fs")>("node:fs");
+  const actual = await vi.importActual<typeof FsModule>("node:fs");
 
   return {
     ...actual,
@@ -32,7 +34,7 @@ vi.mock("node:fs", async () => {
   };
 });
 
-type BunFetchModule = Awaited<typeof import("./bun-fetch.js")> & {
+type BunFetchModuleType = Awaited<typeof BunFetchModule> & {
   createBunFetch?: (options?: { debug?: boolean; onProxyStatus?: (status: unknown) => void }) => {
     fetch: (input: string | URL | Request, init?: RequestInit) => Promise<Response>;
     shutdown: () => Promise<void>;
@@ -41,12 +43,12 @@ type BunFetchModule = Awaited<typeof import("./bun-fetch.js")> & {
 };
 
 async function readBunFetchSource(): Promise<string> {
-  const fs = await vi.importActual<typeof import("node:fs")>("node:fs");
+  const fs = await vi.importActual<typeof FsModule>("node:fs");
   return fs.readFileSync(new URL("./bun-fetch.ts", import.meta.url), "utf8");
 }
 
-async function loadBunFetchModule(): Promise<BunFetchModule> {
-  return import("./bun-fetch.js") as Promise<BunFetchModule>;
+async function loadBunFetchModule(): Promise<BunFetchModuleType> {
+  return import("./bun-fetch.js") as Promise<BunFetchModuleType>;
 }
 
 function installMockFetch(implementation?: Parameters<typeof vi.fn>[0]): ReturnType<typeof vi.fn> {
@@ -55,7 +57,7 @@ function installMockFetch(implementation?: Parameters<typeof vi.fn>[0]): ReturnT
   return fetchMock;
 }
 
-function getCreateBunFetch(moduleNs: BunFetchModule): NonNullable<BunFetchModule["createBunFetch"]> {
+function getCreateBunFetch(moduleNs: BunFetchModuleType): NonNullable<BunFetchModuleType["createBunFetch"]> {
   const createBunFetch = moduleNs.createBunFetch;
 
   expect(createBunFetch, "T20 must export createBunFetch() for per-instance lifecycle ownership").toBeTypeOf(
@@ -70,7 +72,7 @@ function getCreateBunFetch(moduleNs: BunFetchModule): NonNullable<BunFetchModule
 }
 
 beforeEach(async () => {
-  const fs = await vi.importActual<typeof import("node:fs")>("node:fs");
+  const fs = await vi.importActual<typeof FsModule>("node:fs");
 
   vi.resetModules();
   vi.useRealTimers();

package/src/bun-fetch.ts

@@ -172,6 +172,7 @@ export function createBunFetch(options: BunFetchOptions = {}): BunFetchInstance
 
   const reportFallback = (reason: string, _debugOverride?: boolean): void => {
     onProxyStatus?.(getStatus(reason, "fallback"));
+    // eslint-disable-next-line no-console -- startup diagnostic for Bun unavailability; user-facing fallback notice
     console.error(
       `[opencode-anthropic-auth] Native fetch fallback engaged (${reason}); Bun proxy fingerprint mimicry disabled for this request`,
     );
@@ -393,6 +394,7 @@ export function createBunFetch(options: BunFetchOptions = {}): BunFetchInstance
       }
 
       if (resolveDebug(debugOverride)) {
+        // eslint-disable-next-line no-console -- debug-gated proxy status log; only emits when OPENCODE_ANTHROPIC_DEBUG=1
         console.error(`[opencode-anthropic-auth] Routing through Bun proxy at :${port} → ${url}`);
       }
 
@@ -400,9 +402,11 @@ export function createBunFetch(options: BunFetchOptions = {}): BunFetchInstance
         try {
           await writeDebugArtifacts(url, init ?? {});
           if ((init?.body ?? null) !== null && url.includes("/v1/messages") && !url.includes("count_tokens")) {
+            // eslint-disable-next-line no-console -- debug-gated diagnostic; confirms request artifact dump location
             console.error("[opencode-anthropic-auth] Dumped request to /tmp/opencode-last-request.json");
           }
         } catch (error) {
+          // eslint-disable-next-line no-console -- error-path diagnostic surfaced to stderr for operator visibility
           console.error("[opencode-anthropic-auth] Failed to dump request:", error);
         }
       }

package/src/bun-proxy.test.ts

@@ -0,0 +1,37 @@
+import { describe, expect, it, vi } from "vitest";
+
+import { createProxyRequestHandler } from "./bun-proxy.js";
+
+function makeProxyRequest(headers?: HeadersInit): Request {
+  const requestHeaders = new Headers(headers);
+  requestHeaders.set("x-proxy-url", "https://api.anthropic.com/v1/messages");
+  requestHeaders.set("content-type", "application/json");
+
+  return new Request("http://127.0.0.1/proxy", {
+    method: "POST",
+    headers: requestHeaders,
+    body: JSON.stringify({ ok: true }),
+  });
+}
+
+describe("createProxyRequestHandler", () => {
+  it("forwards retry requests with keepalive disabled to the upstream fetch", async () => {
+    const upstreamFetch = vi.fn(async (_input, init?: RequestInit) => {
+      expect(init?.keepalive).toBe(false);
+      const forwardedHeaders = init?.headers instanceof Headers ? init.headers : new Headers(init?.headers);
+      expect(forwardedHeaders.get("connection")).toBe("close");
+      expect(forwardedHeaders.get("x-proxy-disable-keepalive")).toBeNull();
+      return new Response("ok", { status: 200 });
+    });
+    const handler = createProxyRequestHandler({
+      fetchImpl: upstreamFetch as typeof fetch,
+      allowHosts: ["api.anthropic.com"],
+      requestTimeoutMs: 50,
+    });
+
+    const response = await handler(makeProxyRequest({ "x-proxy-disable-keepalive": "true" }));
+
+    await expect(response.text()).resolves.toBe("ok");
+    expect(upstreamFetch).toHaveBeenCalledTimes(1);
+  });
+});

package/src/bun-proxy.ts

@@ -8,6 +8,7 @@ const DEFAULT_REQUEST_TIMEOUT_MS = 600_000;
 const DEFAULT_PARENT_EXIT_CODE = 1;
 const DEFAULT_PARENT_POLL_INTERVAL_MS = 5_000;
 const HEALTH_PATH = "/__health";
+const PROXY_DISABLE_KEEPALIVE_HEADER = "x-proxy-disable-keepalive";
 const DEBUG_ENABLED = process.env.OPENCODE_ANTHROPIC_DEBUG === "1";
 
 interface ProxyRequestHandlerOptions {
@@ -85,11 +86,16 @@ function createDefaultParentWatcherFactory(): ParentWatcherFactory {
     });
 }
 
-function sanitizeForwardHeaders(source: Headers): Headers {
+function sanitizeForwardHeaders(source: Headers, forceFreshConnection = false): Headers {
   const headers = new Headers(source);
-  ["x-proxy-url", "host", "connection", "content-length"].forEach((headerName) => {
+  [PROXY_DISABLE_KEEPALIVE_HEADER, "x-proxy-url", "host", "connection", "content-length"].forEach((headerName) => {
     headers.delete(headerName);
   });
+
+  if (forceFreshConnection) {
+    headers.set("connection", "close");
+  }
+
   return headers;
 }
 
@@ -161,11 +167,13 @@ async function createUpstreamInit(req: Request, signal: AbortSignal): Promise<Re
   const method = req.method || "GET";
   const hasBody = method !== "GET" && method !== "HEAD";
   const bodyText = hasBody ? await req.text() : "";
+  const forceFreshConnection = req.headers.get(PROXY_DISABLE_KEEPALIVE_HEADER) === "true";
 
   return {
     method,
-    headers: sanitizeForwardHeaders(req.headers),
+    headers: sanitizeForwardHeaders(req.headers, forceFreshConnection),
     signal,
+    ...(forceFreshConnection ? { keepalive: false } : {}),
     ...(hasBody && bodyText.length > 0 ? { body: bodyText } : {}),
   };
 }

package/src/circuit-breaker.test.ts

@@ -1,5 +1,5 @@
-import { describe, expect, it, vi, beforeEach } from "vitest";
-import { createCircuitBreaker, CircuitBreaker, CircuitState } from "./circuit-breaker.js";
+import { describe, expect, it, vi } from "vitest";
+import { createCircuitBreaker, CircuitState } from "./circuit-breaker.js";
 
 // ---------------------------------------------------------------------------
 // Circuit Breaker - Core State Tests

package/src/config.test.ts

@@ -41,6 +41,10 @@ describe("DEFAULT_CONFIG", () => {
     expect(DEFAULT_CONFIG.signature_emulation.prompt_compaction).toBe("minimal");
   });
 
+  it("disables sanitize_system_prompt by default", () => {
+    expect(DEFAULT_CONFIG.signature_emulation.sanitize_system_prompt).toBe(false);
+  });
+
   it("has toast defaults", () => {
     expect(DEFAULT_CONFIG.toasts.quiet).toBe(false);
     expect(DEFAULT_CONFIG.toasts.debounce_seconds).toBe(30);
@@ -391,3 +395,113 @@ describe("loadConfig", () => {
     expect(config.cc_credential_reuse.auto_detect).toBe(false);
   });
 });
+
+describe("loadConfig - sanitize_system_prompt field", () => {
+  beforeEach(() => {
+    vi.resetAllMocks();
+    delete process.env.OPENCODE_ANTHROPIC_SANITIZE_SYSTEM_PROMPT;
+  });
+
+  afterEach(() => {
+    delete process.env.OPENCODE_ANTHROPIC_SANITIZE_SYSTEM_PROMPT;
+  });
+
+  it("honors nested signature_emulation.sanitize_system_prompt = true", () => {
+    mockExistsSync.mockReturnValue(true);
+    mockReadFileSync.mockReturnValue(
+      JSON.stringify({
+        signature_emulation: { sanitize_system_prompt: true },
+      }),
+    );
+    const config = loadConfig();
+    expect(config.signature_emulation.sanitize_system_prompt).toBe(true);
+  });
+
+  it("honors nested signature_emulation.sanitize_system_prompt = false", () => {
+    mockExistsSync.mockReturnValue(true);
+    mockReadFileSync.mockReturnValue(
+      JSON.stringify({
+        signature_emulation: { sanitize_system_prompt: false },
+      }),
+    );
+    const config = loadConfig();
+    expect(config.signature_emulation.sanitize_system_prompt).toBe(false);
+  });
+
+  it("honors top-level sanitize_system_prompt alias = true", () => {
+    mockExistsSync.mockReturnValue(true);
+    mockReadFileSync.mockReturnValue(
+      JSON.stringify({
+        sanitize_system_prompt: true,
+      }),
+    );
+    const config = loadConfig();
+    expect(config.signature_emulation.sanitize_system_prompt).toBe(true);
+  });
+
+  it("honors top-level sanitize_system_prompt alias = false (the user's existing config)", () => {
+    mockExistsSync.mockReturnValue(true);
+    mockReadFileSync.mockReturnValue(
+      JSON.stringify({
+        debug: false,
+        sanitize_system_prompt: false,
+      }),
+    );
+    const config = loadConfig();
+    expect(config.signature_emulation.sanitize_system_prompt).toBe(false);
+    expect(config.debug).toBe(false);
+  });
+
+  it("top-level alias takes precedence over nested signature_emulation.sanitize_system_prompt", () => {
+    mockExistsSync.mockReturnValue(true);
+    mockReadFileSync.mockReturnValue(
+      JSON.stringify({
+        signature_emulation: { sanitize_system_prompt: true },
+        sanitize_system_prompt: false,
+      }),
+    );
+    const config = loadConfig();
+    expect(config.signature_emulation.sanitize_system_prompt).toBe(false);
+  });
+
+  it("ignores non-boolean top-level sanitize_system_prompt value", () => {
+    mockExistsSync.mockReturnValue(true);
+    mockReadFileSync.mockReturnValue(
+      JSON.stringify({
+        sanitize_system_prompt: "yes",
+      }),
+    );
+    const config = loadConfig();
+    expect(config.signature_emulation.sanitize_system_prompt).toBe(false);
+  });
+
+  it("OPENCODE_ANTHROPIC_SANITIZE_SYSTEM_PROMPT=1 forces it on", () => {
+    mockExistsSync.mockReturnValue(true);
+    mockReadFileSync.mockReturnValue(JSON.stringify({ sanitize_system_prompt: false }));
+    process.env.OPENCODE_ANTHROPIC_SANITIZE_SYSTEM_PROMPT = "1";
+    const config = loadConfig();
+    expect(config.signature_emulation.sanitize_system_prompt).toBe(true);
+  });
+
+  it("OPENCODE_ANTHROPIC_SANITIZE_SYSTEM_PROMPT=0 forces it off", () => {
+    mockExistsSync.mockReturnValue(true);
+    mockReadFileSync.mockReturnValue(JSON.stringify({ sanitize_system_prompt: true }));
+    process.env.OPENCODE_ANTHROPIC_SANITIZE_SYSTEM_PROMPT = "0";
+    const config = loadConfig();
+    expect(config.signature_emulation.sanitize_system_prompt).toBe(false);
+  });
+
+  it("OPENCODE_ANTHROPIC_SANITIZE_SYSTEM_PROMPT=true forces it on", () => {
+    mockExistsSync.mockReturnValue(false);
+    process.env.OPENCODE_ANTHROPIC_SANITIZE_SYSTEM_PROMPT = "true";
+    const config = loadConfig();
+    expect(config.signature_emulation.sanitize_system_prompt).toBe(true);
+  });
+
+  it("OPENCODE_ANTHROPIC_SANITIZE_SYSTEM_PROMPT=false forces it off", () => {
+    mockExistsSync.mockReturnValue(false);
+    process.env.OPENCODE_ANTHROPIC_SANITIZE_SYSTEM_PROMPT = "false";
+    const config = loadConfig();
+    expect(config.signature_emulation.sanitize_system_prompt).toBe(false);
+  });
+});

package/src/config.ts

@@ -60,6 +60,7 @@ export interface AnthropicAuthConfig {
     enabled: boolean;
     fetch_claude_code_version_on_startup: boolean;
     prompt_compaction: "minimal" | "off";
+    sanitize_system_prompt: boolean;
   };
   override_model_limits: OverrideModelLimitsConfig;
   custom_betas: string[];
@@ -83,6 +84,7 @@ export const DEFAULT_CONFIG: AnthropicAuthConfig = {
     enabled: true,
     fetch_claude_code_version_on_startup: true,
     prompt_compaction: "minimal",
+    sanitize_system_prompt: false,
   },
   override_model_limits: {
     enabled: true,
@@ -193,9 +195,21 @@ function validateConfig(raw: Record<string, unknown>): AnthropicAuthConfig {
         se.prompt_compaction === "off" || se.prompt_compaction === "minimal"
           ? se.prompt_compaction
           : DEFAULT_CONFIG.signature_emulation.prompt_compaction,
+      sanitize_system_prompt:
+        typeof se.sanitize_system_prompt === "boolean"
+          ? se.sanitize_system_prompt
+          : DEFAULT_CONFIG.signature_emulation.sanitize_system_prompt,
     };
   }
 
+  // Top-level alias: `sanitize_system_prompt` is honored as a convenience so
+  // users can flip it on/off without learning the nested signature_emulation
+  // schema. The top-level value, when set, takes precedence over the nested
+  // one because it's the more specific user intent.
+  if (typeof raw.sanitize_system_prompt === "boolean") {
+    config.signature_emulation.sanitize_system_prompt = raw.sanitize_system_prompt;
+  }
+
   if (raw.override_model_limits && typeof raw.override_model_limits === "object") {
     const oml = raw.override_model_limits as Record<string, unknown>;
     config.override_model_limits = {
@@ -368,6 +382,19 @@ function applyEnvOverrides(config: AnthropicAuthConfig): AnthropicAuthConfig {
     config.signature_emulation.prompt_compaction = "minimal";
   }
 
+  if (
+    env.OPENCODE_ANTHROPIC_SANITIZE_SYSTEM_PROMPT === "1" ||
+    env.OPENCODE_ANTHROPIC_SANITIZE_SYSTEM_PROMPT === "true"
+  ) {
+    config.signature_emulation.sanitize_system_prompt = true;
+  }
+  if (
+    env.OPENCODE_ANTHROPIC_SANITIZE_SYSTEM_PROMPT === "0" ||
+    env.OPENCODE_ANTHROPIC_SANITIZE_SYSTEM_PROMPT === "false"
+  ) {
+    config.signature_emulation.sanitize_system_prompt = false;
+  }
+
   if (env.OPENCODE_ANTHROPIC_OVERRIDE_MODEL_LIMITS === "1" || env.OPENCODE_ANTHROPIC_OVERRIDE_MODEL_LIMITS === "true") {
     config.override_model_limits.enabled = true;
   }

package/src/env.ts

@@ -99,19 +99,42 @@ export function logTransformedSystemPrompt(body: string | undefined): void {
     const parsed = JSON.parse(body);
     if (!Object.hasOwn(parsed, "system")) return;
     // Avoid circular import: inline the title-check here
+    const isTitleGeneratorText = (text: unknown): boolean => {
+      if (typeof text !== "string") return false;
+      const lowered = text.trim().toLowerCase();
+      return lowered.includes("you are a title generator") || lowered.includes("generate a brief title");
+    };
+
     const system = parsed.system;
     if (
       Array.isArray(system) &&
-      system.some(
-        (item: { type?: string; text?: string }) =>
-          item.type === "text" &&
-          typeof item.text === "string" &&
-          (item.text.trim().toLowerCase().includes("you are a title generator") ||
-            item.text.trim().toLowerCase().includes("generate a brief title")),
-      )
+      system.some((item: { type?: string; text?: string }) => item.type === "text" && isTitleGeneratorText(item.text))
     ) {
       return;
     }
+
+    // The plugin relocates non-CC system blocks into the first user message
+    // wrapped in <system-instructions>. Check there too so title-generator
+    // requests are still suppressed from the debug log after the relocation
+    // pass runs.
+    const messages = parsed.messages;
+    if (Array.isArray(messages) && messages.length > 0) {
+      const firstMsg = messages[0];
+      if (firstMsg && firstMsg.role === "user") {
+        const content = firstMsg.content;
+        if (typeof content === "string" && isTitleGeneratorText(content)) {
+          return;
+        }
+        if (Array.isArray(content)) {
+          for (const block of content) {
+            if (block && typeof block === "object" && isTitleGeneratorText((block as { text?: unknown }).text)) {
+              return;
+            }
+          }
+        }
+      }
+    }
+
     // eslint-disable-next-line no-console -- explicit debug logger gated by OPENCODE_ANTHROPIC_DEBUG_SYSTEM_PROMPT
     console.error(
       "[opencode-anthropic-auth][system-debug] transformed system:",

package/src/index.ts

@@ -71,6 +71,7 @@ export async function AnthropicAuthPlugin({
   const signatureEmulationEnabled = config.signature_emulation.enabled;
   const promptCompactionMode =
     config.signature_emulation.prompt_compaction === "off" ? ("off" as const) : ("minimal" as const);
+  const signatureSanitizeSystemPrompt = config.signature_emulation.sanitize_system_prompt === true;
   const shouldFetchClaudeCodeVersion =
     signatureEmulationEnabled && config.signature_emulation.fetch_claude_code_version_on_startup;
 
@@ -456,6 +457,7 @@ export async function AnthropicAuthPlugin({
                       enabled: signatureEmulationEnabled,
                       claudeCliVersion,
                       promptCompactionMode,
+                      sanitizeSystemPrompt: signatureSanitizeSystemPrompt,
                     },
                     {
                       persistentUserId: signatureUserId,
@@ -479,6 +481,7 @@ export async function AnthropicAuthPlugin({
                   enabled: signatureEmulationEnabled,
                   claudeCliVersion,
                   promptCompactionMode,
+                  sanitizeSystemPrompt: signatureSanitizeSystemPrompt,
                   customBetas: config.custom_betas,
                   strategy: config.account_selection_strategy,
                 });
@@ -515,12 +518,40 @@ export async function AnthropicAuthPlugin({
 
                 let response: Response;
                 const fetchInput = requestInput as string | URL | Request;
-                try {
-                  response = await fetchWithTransport(fetchInput, {
+                const buildTransportRequestInit = (
+                  headers: Headers,
+                  requestBody: RequestInit["body"],
+                  forceFreshConnection: boolean,
+                ): RequestInit => {
+                  const requestHeadersForTransport = new Headers(headers);
+                  if (forceFreshConnection) {
+                    requestHeadersForTransport.set("connection", "close");
+                    requestHeadersForTransport.set("x-proxy-disable-keepalive", "true");
+                  } else {
+                    requestHeadersForTransport.delete("connection");
+                    requestHeadersForTransport.delete("x-proxy-disable-keepalive");
+                  }
+
+                  return {
                     ...requestInit,
-                    body,
-                    headers: requestHeaders,
-                  });
+                    body: requestBody,
+                    headers: requestHeadersForTransport,
+                    ...(forceFreshConnection ? { keepalive: false } : {}),
+                  };
+                };
+
+                try {
+                  response = await fetchWithRetry(
+                    async ({ forceFreshConnection }) =>
+                      fetchWithTransport(
+                        fetchInput,
+                        buildTransportRequestInit(requestHeaders, body, forceFreshConnection),
+                      ),
+                    {
+                      maxRetries: 2,
+                      shouldRetryResponse: () => false,
+                    },
+                  );
                 } catch (err) {
                   const fetchError = err instanceof Error ? err : new Error(String(err));
                   if (accountManager && account) {
@@ -579,7 +610,7 @@ export async function AnthropicAuthPlugin({
 
                     let retryCount = 0;
                     const retried = await fetchWithRetry(
-                      async () => {
+                      async ({ forceFreshConnection }) => {
                         if (retryCount === 0) {
                           retryCount += 1;
                           return response;
@@ -593,11 +624,10 @@ export async function AnthropicAuthPlugin({
                           requestContext.preparedBody === undefined
                             ? undefined
                             : cloneBodyForRetry(requestContext.preparedBody);
-                        return fetchWithTransport(retryUrl, {
-                          ...requestInit,
-                          body: retryBody,
-                          headers: headersForRetry,
-                        });
+                        return fetchWithTransport(
+                          retryUrl,
+                          buildTransportRequestInit(headersForRetry, retryBody, forceFreshConnection),
+                        );
                       },
                       { maxRetries: 2 },
                     );