ampcode-connector 0.1.0

package/src/cli/setup.ts

@@ -0,0 +1,162 @@
+/** Auto-configure Amp CLI to route through ampcode-connector. */
+
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { dirname, join } from "node:path";
+import { loadConfig } from "../config/config.ts";
+import { line, out, s } from "./ansi.ts";
+import * as status from "./status.ts";
+
+const AMP_SECRETS_DIR = join(homedir(), ".local", "share", "amp");
+const AMP_SECRETS_PATH = join(AMP_SECRETS_DIR, "secrets.json");
+
+const AMP_SETTINGS_PATHS = [
+  join(homedir(), ".config", "amp", "settings.json"),
+  join(homedir(), ".amp", "settings.json"),
+];
+
+function ampSettingsPaths(): string[] {
+  const envPath = process.env["AMP_SETTINGS_FILE"];
+  return envPath ? [envPath] : AMP_SETTINGS_PATHS;
+}
+
+function readJson(path: string): Record<string, unknown> {
+  if (!existsSync(path)) return {};
+  try {
+    return JSON.parse(readFileSync(path, "utf-8")) as Record<string, unknown>;
+  } catch {
+    return {};
+  }
+}
+
+function writeJson(path: string, data: Record<string, unknown>): void {
+  mkdirSync(dirname(path), { recursive: true });
+  writeFileSync(path, JSON.stringify(data, null, 2) + "\n", "utf-8");
+}
+
+function findAmpApiKey(proxyUrl: string): string | undefined {
+  if (process.env["AMP_API_KEY"]) return process.env["AMP_API_KEY"];
+
+  const secrets = readJson(AMP_SECRETS_PATH);
+  const exact = secrets[`apiKey@${proxyUrl}`];
+  if (typeof exact === "string" && exact.length > 0) return exact;
+
+  for (const value of Object.values(secrets)) {
+    if (typeof value === "string" && value.startsWith("sgamp_")) return value;
+  }
+  return undefined;
+}
+
+/** Save key under proxy URL and migrate stale entries to keep secrets.json clean. */
+function saveAmpApiKey(token: string, proxyUrl: string): void {
+  const secrets = readJson(AMP_SECRETS_PATH);
+  for (const key of Object.keys(secrets)) {
+    if (key.startsWith("apiKey")) delete secrets[key];
+  }
+  secrets[`apiKey@${proxyUrl}`] = token;
+  mkdirSync(AMP_SECRETS_DIR, { recursive: true, mode: 0o700 });
+  writeJson(AMP_SECRETS_PATH, secrets);
+}
+
+function prompt(question: string): Promise<string> {
+  return new Promise((resolve) => {
+    out(question);
+    const chunks: string[] = [];
+
+    const onData = (data: Buffer) => {
+      const str = data.toString();
+      if (str.includes("\n") || str.includes("\r")) {
+        process.stdin.removeListener("data", onData);
+        process.stdin.pause();
+        resolve(chunks.join("").trim());
+        return;
+      }
+      chunks.push(str);
+    };
+
+    process.stdin.resume();
+    process.stdin.setEncoding("utf-8");
+    process.stdin.on("data", onData);
+  });
+}
+
+export async function setup(): Promise<void> {
+  const config = await loadConfig();
+  const proxyUrl = `http://localhost:${config.port}`;
+
+  line();
+  line(`${s.bold}ampcode-connector setup${s.reset}`);
+  line();
+
+  // Step 1: Configure amp.url in all settings files
+  for (const settingsPath of ampSettingsPaths()) {
+    const settings = readJson(settingsPath);
+    if (settings["amp.url"] === proxyUrl) continue;
+    settings["amp.url"] = proxyUrl;
+    writeJson(settingsPath, settings);
+  }
+  line(`${s.green}ok${s.reset} amp.url = ${s.cyan}${proxyUrl}${s.reset}`);
+
+  // Step 2: Amp API key
+  const existingKey = findAmpApiKey(proxyUrl);
+
+  if (existingKey) {
+    saveAmpApiKey(existingKey, proxyUrl);
+    const preview = existingKey.slice(0, 10) + "...";
+    line(`${s.green}ok${s.reset} Amp token found  ${s.dim}${preview}${s.reset}`);
+  } else {
+    line();
+    line(`${s.yellow}!${s.reset}  No Amp token found.`);
+    line(`   Get one from ${s.cyan}https://ampcode.com/settings${s.reset}`);
+    line(`   Or run ${s.cyan}amp login${s.reset} after starting the proxy.`);
+    line();
+
+    const token = await prompt(`   Paste token (or press Enter to skip): `);
+    line();
+
+    if (token) {
+      saveAmpApiKey(token, proxyUrl);
+      line(`${s.green}ok${s.reset} Token saved  ${s.dim}${AMP_SECRETS_PATH}${s.reset}`);
+    } else {
+      line(`${s.dim}-- skipped${s.reset}`);
+    }
+  }
+
+  // Step 3: Provider status
+  line();
+  line(`${s.bold}Providers${s.reset}`);
+
+  const providers = status.all();
+  let hasAny = false;
+
+  for (const p of providers) {
+    const connected = p.accounts.filter((a) => a.status === "connected");
+    const total = p.accounts.filter((a) => a.status !== "disconnected");
+
+    if (connected.length > 0) {
+      hasAny = true;
+      const emails = connected.map((a) => a.email).filter(Boolean).join(", ");
+      const info = emails ? `  ${s.dim}${emails}${s.reset}` : "";
+      line(`  ${p.label.padEnd(16)} ${s.green}${connected.length} account(s)${s.reset}${info}`);
+    } else if (total.length > 0) {
+      line(`  ${p.label.padEnd(16)} ${s.yellow}${total.length} expired${s.reset}`);
+    } else {
+      line(`  ${p.label.padEnd(16)} ${s.dim}--${s.reset}`);
+    }
+  }
+
+  if (!hasAny) {
+    line();
+    line(`  Run ${s.cyan}bun run login${s.reset} to authenticate providers.`);
+  }
+
+  // Summary
+  line();
+  line(`${s.bold}Next${s.reset}`);
+  line(`  ${s.cyan}bun start${s.reset}       Start proxy`);
+  if (!existingKey) {
+    line(`  ${s.cyan}amp login${s.reset}       Authenticate with ampcode.com (proxy must be running)`);
+  }
+  line(`  ${s.cyan}amp "hello"${s.reset}     Test`);
+  line();
+}

package/src/cli/status.ts

@@ -0,0 +1,52 @@
+import type { Credentials, ProviderName } from "../auth/store.ts";
+import * as store from "../auth/store.ts";
+
+export type ConnectionStatus = "connected" | "expired" | "disconnected";
+
+export interface AccountStatus {
+  account: number;
+  status: ConnectionStatus;
+  email?: string;
+  expiresAt?: number;
+}
+
+export interface ProviderStatus {
+  name: ProviderName;
+  label: string;
+  sublabel?: string;
+  accounts: AccountStatus[];
+}
+
+const PROVIDERS: { name: ProviderName; label: string; sublabel?: string }[] = [
+  { name: "anthropic", label: "Claude Code" },
+  { name: "codex", label: "OpenAI Codex" },
+  { name: "google", label: "Google", sublabel: "Gemini CLI + Antigravity" },
+];
+
+function connectionOf(creds: Credentials): ConnectionStatus {
+  if (!creds.refreshToken) return "disconnected";
+  return store.fresh(creds) ? "connected" : "expired";
+}
+
+export function all(): ProviderStatus[] {
+  return PROVIDERS.map(({ name, label, sublabel }) => ({
+    name,
+    label,
+    sublabel,
+    accounts: store.getAll(name).map((e) => ({
+      account: e.account,
+      status: connectionOf(e.credentials),
+      email: e.credentials.email,
+      expiresAt: e.credentials.expiresAt,
+    })),
+  }));
+}
+
+export function remaining(expiresAt: number): string {
+  const diff = expiresAt - Date.now();
+  if (diff <= 0) return "expired";
+  const mins = Math.floor(diff / 60_000);
+  const hrs = Math.floor(mins / 60);
+  if (hrs > 0) return `${hrs}h ${mins % 60}m`;
+  return `${mins}m`;
+}

package/src/cli/tui.ts

@@ -0,0 +1,177 @@
+import * as configs from "../auth/configs.ts";
+import type { OAuthConfig } from "../auth/oauth.ts";
+import * as oauth from "../auth/oauth.ts";
+import type { ProviderName } from "../auth/store.ts";
+import * as store from "../auth/store.ts";
+import { cursor, line, s, screen } from "./ansi.ts";
+import type { AccountStatus, ConnectionStatus, ProviderStatus } from "./status.ts";
+import * as status from "./status.ts";
+
+const oauthConfigs: Record<ProviderName, OAuthConfig> = {
+  anthropic: configs.anthropic,
+  codex: configs.codex,
+  google: configs.google,
+};
+
+const ICON: Record<ConnectionStatus, string> = {
+  connected: `${s.green}●${s.reset}`,
+  expired: `${s.yellow}●${s.reset}`,
+  disconnected: `${s.dim}○${s.reset}`,
+};
+
+type Item =
+  | { type: "provider"; provider: ProviderStatus }
+  | { type: "account"; provider: ProviderStatus; account: AccountStatus };
+
+let selected = 0;
+let items: Item[] = [];
+let message = "";
+let busy = false;
+let timer: ReturnType<typeof setInterval> | null = null;
+
+export function dashboard(): void {
+  if (!process.stdin.isTTY) throw new Error("Interactive dashboard requires a TTY.");
+
+  rebuild();
+  process.stdin.setRawMode(true);
+  process.stdin.resume();
+  process.stdin.setEncoding("utf8");
+  cursor.hide();
+  screen.clear();
+  render();
+  timer = setInterval(render, 1_000);
+  process.stdin.on("data", onKey);
+  process.on("exit", cleanup);
+  process.on("SIGINT", () => process.exit());
+  process.on("SIGTERM", () => process.exit());
+}
+
+function rebuild(): void {
+  items = [];
+  for (const p of status.all()) {
+    items.push({ type: "provider", provider: p });
+    for (const a of p.accounts) items.push({ type: "account", provider: p, account: a });
+  }
+  if (selected >= items.length) selected = Math.max(0, items.length - 1);
+}
+
+function cleanup(): void {
+  if (timer) clearInterval(timer);
+  cursor.show();
+  screen.clear();
+}
+
+function render(): void {
+  cursor.home();
+  line(`${s.bold} ampcode-connector${s.reset}`);
+  line(`${s.dim} ↑↓ navigate · enter login/add · d disconnect · q quit${s.reset}`);
+  line();
+
+  for (let i = 0; i < items.length; i++) {
+    const item = items[i]!;
+    const sel = i === selected;
+
+    if (item.type === "provider") {
+      renderProvider(item.provider, sel);
+    } else {
+      renderAccount(item.account, sel);
+    }
+  }
+
+  line();
+  if (busy) line(`${s.cyan}   ⟳ waiting for browser…${s.reset}`);
+  else if (message) line(`   ${message}`);
+  else line();
+}
+
+function renderProvider(p: ProviderStatus, sel: boolean): void {
+  const n = p.accounts.length;
+  const connected = p.accounts.filter((a) => a.status === "connected").length;
+  const suffix = n > 0 ? ` ${s.dim}(${connected}/${n})${s.reset}` : "";
+  const label = p.label.padEnd(16);
+
+  if (sel) line(`${s.inverse} › ${s.bold}${label}${s.reset}${s.inverse}${suffix} ${s.reset}`);
+  else line(`   ${s.bold}${label}${s.reset}${suffix}`);
+
+  if (p.sublabel) line(`     ${s.dim}${p.sublabel}${s.reset}`);
+}
+
+function renderAccount(a: AccountStatus, sel: boolean): void {
+  const ic = ICON[a.status];
+  const tag = `#${a.account}`.padEnd(4);
+  const info = formatInfo(a);
+
+  if (sel) line(`${s.inverse}     ${ic} ${tag} ${info} ${s.reset}`);
+  else line(`     ${ic} ${s.dim}${tag}${s.reset} ${info}`);
+}
+
+function formatInfo(a: AccountStatus): string {
+  if (a.status === "disconnected") return `${s.dim}—${s.reset}`;
+
+  const parts: string[] = [];
+  parts.push(a.status === "connected" ? `${s.green}connected${s.reset}` : `${s.yellow}expired${s.reset}`);
+  if (a.expiresAt && a.status === "connected") parts.push(`${s.dim}${status.remaining(a.expiresAt)}${s.reset}`);
+  if (a.email) parts.push(`${s.dim}${a.email}${s.reset}`);
+  return parts.join(`${s.dim} · ${s.reset}`);
+}
+
+async function onKey(data: string): Promise<void> {
+  if (busy) return;
+
+  if (data === "\x03" || data === "q") return void process.exit();
+  if (data === "\x1b[A") {
+    selected = Math.max(0, selected - 1);
+    render();
+    return;
+  }
+  if (data === "\x1b[B") {
+    selected = Math.min(items.length - 1, selected + 1);
+    render();
+    return;
+  }
+
+  if (data === "\r" || data === "\n") {
+    const item = items[selected]!;
+    await doLogin(item.provider);
+    return;
+  }
+
+  if (data === "d" || data === "D") {
+    const item = items[selected]!;
+    if (item.type === "account") doDisconnect(item.provider, item.account.account);
+    else doDisconnectAll(item.provider);
+    return;
+  }
+}
+
+async function doLogin(p: ProviderStatus): Promise<void> {
+  busy = true;
+  message = "";
+  render();
+
+  try {
+    const creds = await oauth.login(oauthConfigs[p.name]);
+    message = `${s.green}✓ ${p.label} ${creds.email ?? "account"} logged in${s.reset}`;
+  } catch (err) {
+    message = `${s.red}✗ ${err instanceof Error ? err.message : String(err)}${s.reset}`;
+  }
+
+  rebuild();
+  busy = false;
+  render();
+}
+
+function doDisconnect(p: ProviderStatus, account: number): void {
+  store.remove(p.name, account);
+  message = `${s.yellow}✗ ${p.label} #${account} disconnected${s.reset}`;
+  rebuild();
+  render();
+}
+
+function doDisconnectAll(p: ProviderStatus): void {
+  if (p.accounts.length === 0) return;
+  store.remove(p.name);
+  message = `${s.yellow}✗ ${p.label} all disconnected${s.reset}`;
+  rebuild();
+  render();
+}

package/src/config/config.ts

@@ -0,0 +1,108 @@
+/** YAML config loader with env/file fallback for API key. */
+
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { DEFAULT_AMP_UPSTREAM_URL } from "../constants.ts";
+import type { LogLevel } from "../utils/logger.ts";
+import { logger } from "../utils/logger.ts";
+
+export interface ProxyConfig {
+  port: number;
+  ampUpstreamUrl: string;
+  ampApiKey?: string;
+  logLevel: LogLevel;
+  providers: {
+    anthropic: boolean;
+    codex: boolean;
+    google: boolean;
+  };
+}
+
+const DEFAULTS: ProxyConfig = {
+  port: 8765,
+  ampUpstreamUrl: DEFAULT_AMP_UPSTREAM_URL,
+  logLevel: "info",
+  providers: { anthropic: true, codex: true, google: true },
+};
+
+const CONFIG_PATH = join(process.cwd(), "config.yaml");
+const SECRETS_PATH = join(homedir(), ".local", "share", "amp", "secrets.json");
+
+export async function loadConfig(): Promise<ProxyConfig> {
+  const file = await readConfigFile();
+  const apiKey = await resolveApiKey(file);
+  const providers = asRecord(file?.["providers"]);
+
+  return {
+    port: asNumber(file?.["port"]) ?? DEFAULTS.port,
+    ampUpstreamUrl: asString(file?.["ampUpstreamUrl"]) ?? DEFAULTS.ampUpstreamUrl,
+    ampApiKey: apiKey,
+    logLevel: asLogLevel(file?.["logLevel"]) ?? DEFAULTS.logLevel,
+    providers: {
+      anthropic: asBool(providers?.["anthropic"]) ?? DEFAULTS.providers.anthropic,
+      codex: asBool(providers?.["codex"]) ?? DEFAULTS.providers.codex,
+      google: asBool(providers?.["google"]) ?? DEFAULTS.providers.google,
+    },
+  };
+}
+
+async function readConfigFile(): Promise<Record<string, unknown> | null> {
+  const file = Bun.file(CONFIG_PATH);
+  if (!(await file.exists())) return null;
+  try {
+    const text = await file.text();
+    return Bun.YAML.parse(text) as Record<string, unknown>;
+  } catch (err) {
+    throw new Error(`Invalid config.yaml: ${err}`);
+  }
+}
+
+/** Amp API key resolution: config file → AMP_API_KEY env → secrets.json */
+async function resolveApiKey(file: Record<string, unknown> | null): Promise<string | undefined> {
+  const fromFile = asString(file?.["ampApiKey"]);
+  if (fromFile) return fromFile;
+
+  const fromEnv = process.env["AMP_API_KEY"];
+  if (fromEnv) return fromEnv;
+
+  return readSecretsFile();
+}
+
+async function readSecretsFile(): Promise<string | undefined> {
+  const file = Bun.file(SECRETS_PATH);
+  if (!(await file.exists())) return undefined;
+  try {
+    const secrets = (await file.json()) as Record<string, unknown>;
+    const canonical = asString(secrets[`apiKey@${DEFAULT_AMP_UPSTREAM_URL}/`]);
+    if (canonical) return canonical;
+    for (const value of Object.values(secrets)) {
+      if (typeof value === "string" && value.startsWith("sgamp_")) return value;
+    }
+    return undefined;
+  } catch (err) {
+    logger.warn("Failed to read secrets.json", { error: String(err) });
+    return undefined;
+  }
+}
+
+function asRecord(v: unknown): Record<string, unknown> | undefined {
+  return v != null && typeof v === "object" && !Array.isArray(v) ? (v as Record<string, unknown>) : undefined;
+}
+
+function asNumber(v: unknown): number | undefined {
+  return typeof v === "number" && !isNaN(v) ? v : undefined;
+}
+
+function asString(v: unknown): string | undefined {
+  return typeof v === "string" && v.length > 0 ? v : undefined;
+}
+
+function asBool(v: unknown): boolean | undefined {
+  return typeof v === "boolean" ? v : undefined;
+}
+
+const VALID_LOG_LEVELS = new Set<string>(["debug", "info", "warn", "error"]);
+
+function asLogLevel(v: unknown): LogLevel | undefined {
+  return typeof v === "string" && VALID_LOG_LEVELS.has(v) ? (v as LogLevel) : undefined;
+}

package/src/constants.ts

@@ -0,0 +1,64 @@
+/** Single source of truth — no magic strings scattered across files. */
+
+export const CODE_ASSIST_ENDPOINT = "https://cloudcode-pa.googleapis.com";
+export const ANTIGRAVITY_DAILY_ENDPOINT = "https://daily-cloudcode-pa.sandbox.googleapis.com";
+export const AUTOPUSH_ENDPOINT = "https://autopush-cloudcode-pa.sandbox.googleapis.com";
+export const DEFAULT_ANTIGRAVITY_PROJECT = "rising-fact-p41fc";
+
+export const ANTHROPIC_API_URL = "https://api.anthropic.com";
+export const OPENAI_API_URL = "https://api.openai.com";
+export const DEFAULT_AMP_UPSTREAM_URL = "https://ampcode.com";
+
+export const ANTHROPIC_TOKEN_URL = "https://platform.claude.com/v1/oauth/token";
+export const OPENAI_TOKEN_URL = "https://auth.openai.com/oauth/token";
+export const GOOGLE_TOKEN_URL = "https://oauth2.googleapis.com/token";
+
+export const TOKEN_EXPIRY_BUFFER_MS = 5 * 60 * 1000;
+export const OAUTH_CALLBACK_TIMEOUT_MS = 120_000;
+export const CLAUDE_CODE_VERSION = "2.1.39";
+
+export const stainlessHeaders: Readonly<Record<string, string>> = {
+  "X-Stainless-Helper-Method": "stream",
+  "X-Stainless-Retry-Count": "0",
+  "X-Stainless-Runtime-Version": "v24.13.1",
+  "X-Stainless-Package-Version": "0.73.0",
+  "X-Stainless-Runtime": "node",
+  "X-Stainless-Lang": "js",
+  "X-Stainless-Arch": "arm64",
+  "X-Stainless-Os": "MacOS",
+  "X-Stainless-Timeout": "600",
+};
+
+export const claudeCodeBetas = [
+  "claude-code-20250219",
+  "oauth-2025-04-20",
+  "interleaved-thinking-2025-05-14",
+  "prompt-caching-scope-2026-01-05",
+] as const;
+
+export const filteredBetaFeatures = ["context-1m-2025-08-07"] as const;
+
+export const modelFieldPaths = [
+  "model",
+  "message.model",
+  "modelVersion",
+  "response.model",
+  "response.modelVersion",
+] as const;
+
+export const passthroughPrefixes = [
+  "/api/internal",
+  "/api/user",
+  "/api/auth",
+  "/api/meta",
+  "/api/ads",
+  "/api/telemetry",
+  "/api/threads",
+  "/api/otel",
+  "/api/tab",
+] as const;
+
+/** Browser routes — redirect to ampcode.com (auth cookies need correct domain). */
+export const browserPrefixes = ["/auth", "/threads", "/docs", "/settings"] as const;
+
+export const passthroughExact = ["/threads.rss", "/news.rss"] as const;

package/src/index.ts

@@ -0,0 +1,70 @@
+#!/usr/bin/env bun
+/** ampcode-connector entry point. */
+
+import * as configs from "./auth/configs.ts";
+import type { OAuthConfig } from "./auth/oauth.ts";
+import * as oauth from "./auth/oauth.ts";
+import { line, s } from "./cli/ansi.ts";
+import { setup } from "./cli/setup.ts";
+import { dashboard } from "./cli/tui.ts";
+import { loadConfig } from "./config/config.ts";
+import { startServer } from "./server/server.ts";
+import { logger, setLogLevel } from "./utils/logger.ts";
+
+const providers: Record<string, OAuthConfig> = {
+  anthropic: configs.anthropic,
+  codex: configs.codex,
+  google: configs.google,
+};
+
+async function main(): Promise<void> {
+  const [command, arg] = process.argv.slice(2);
+
+  if (command === "setup") return setup();
+
+  if (command === "login") {
+    if (!arg) return dashboard();
+
+    const config = providers[arg];
+    if (!config) {
+      logger.error(`Unknown provider: ${arg}. Available: ${Object.keys(providers).join(", ")}`);
+      process.exit(1);
+    }
+    await oauth.login(config);
+    return;
+  }
+
+  if (command === "help" || command === "--help" || command === "-h") {
+    usage();
+    return;
+  }
+
+  const config = await loadConfig();
+  setLogLevel(config.logLevel);
+  startServer(config);
+}
+
+function usage(): void {
+  line();
+  line(`${s.bold}ampcode-connector${s.reset} ${s.dim}— proxy Amp CLI through local OAuth subscriptions${s.reset}`);
+  line();
+  line(`${s.bold}USAGE${s.reset}`);
+  line(`  ${s.cyan}bun start${s.reset}              Start the proxy server`);
+  line(`  ${s.cyan}bun run setup${s.reset}          Configure Amp CLI to use this proxy`);
+  line(`  ${s.cyan}bun run login${s.reset}          Interactive login dashboard`);
+  line(`  ${s.cyan}bun run login <p>${s.reset}      Login to a specific provider`);
+  line();
+  line(`${s.bold}PROVIDERS${s.reset}`);
+  line(`  anthropic     Claude Code ${s.dim}(Anthropic models)${s.reset}`);
+  line(`  codex         OpenAI Codex ${s.dim}(GPT/o3 models)${s.reset}`);
+  line(`  google        Google ${s.dim}(Gemini CLI + Antigravity, dual quota)${s.reset}`);
+  line();
+  line(`${s.bold}CONFIG${s.reset}`);
+  line(`  Edit ${s.cyan}config.yaml${s.reset} to customize port, providers, and log level.`);
+  line();
+}
+
+main().catch((err) => {
+  logger.error("Fatal", { error: String(err) });
+  process.exit(1);
+});

package/src/providers/anthropic.ts

@@ -0,0 +1,65 @@
+/** Forwards requests to api.anthropic.com with Claude Code stealth headers. */
+
+import { anthropic as config } from "../auth/configs.ts";
+import * as oauth from "../auth/oauth.ts";
+import * as store from "../auth/store.ts";
+import {
+  ANTHROPIC_API_URL,
+  CLAUDE_CODE_VERSION,
+  claudeCodeBetas,
+  filteredBetaFeatures,
+  stainlessHeaders,
+} from "../constants.ts";
+import * as path from "../utils/path.ts";
+import type { Provider } from "./base.ts";
+import { denied, forward } from "./base.ts";
+
+export const provider: Provider = {
+  name: "Anthropic",
+  routeDecision: "LOCAL_CLAUDE",
+
+  isAvailable: (account?: number) =>
+    account !== undefined ? !!store.get("anthropic", account)?.refreshToken : oauth.ready(config),
+
+  accountCount: () => oauth.accountCount(config),
+
+  async forward(sub, body, originalHeaders, rewrite, account = 0) {
+    const accessToken = await oauth.token(config, account);
+    if (!accessToken) return denied("Anthropic");
+
+    return forward({
+      url: `${ANTHROPIC_API_URL}${sub}`,
+      body,
+      providerName: "Anthropic",
+      rewrite,
+      headers: {
+        ...stainlessHeaders,
+        Accept: path.streaming(body) ? "text/event-stream" : "application/json",
+        "Accept-Encoding": "br, gzip, deflate",
+        Connection: "keep-alive",
+        "Content-Type": "application/json",
+        "Anthropic-Version": "2023-06-01",
+        "Anthropic-Dangerous-Direct-Browser-Access": "true",
+        "Anthropic-Beta": betaHeader(originalHeaders.get("anthropic-beta")),
+        "User-Agent": `claude-cli/${CLAUDE_CODE_VERSION} (external, cli)`,
+        "X-App": "cli",
+        Authorization: `Bearer ${accessToken}`,
+      },
+    });
+  },
+};
+
+function betaHeader(original: string | null): string {
+  const features = new Set<string>(claudeCodeBetas);
+
+  if (original) {
+    for (const raw of original.split(",")) {
+      const feature = raw.trim();
+      if (feature && !filteredBetaFeatures.includes(feature as (typeof filteredBetaFeatures)[number])) {
+        features.add(feature);
+      }
+    }
+  }
+
+  return Array.from(features).join(",");
+}