claude-code-cache-fix 3.7.1 → 3.9.0

package/hooks/README.md

@@ -0,0 +1,36 @@
+# cache-fix hook examples
+
+Standalone `PreToolUse` / `PostToolUse` / `SessionStart` hook scripts that address specific Claude Code behaviors. These are **examples** — you install them by pointing at them from your own `~/.claude/settings.json` (or per-project `.claude/settings.json`). cache-fix does not register them automatically.
+
+Independent of the proxy. Hooks run client-side via CC's hooks contract; they don't touch the API request path.
+
+## Available examples
+
+| Script | Event | Purpose | Docs |
+|---|---|---|---|
+| `examples/worktree-edit-guard.py` | `PreToolUse` | Block `Edit`/`Write`/`MultiEdit`/`NotebookEdit` calls whose target path falls outside the active git worktree root. Addresses [CC#59628](https://github.com/anthropics/claude-code/issues/59628). | [`docs/hooks/worktree-edit-guard.md`](../docs/hooks/worktree-edit-guard.md) |
+
+## Installing a hook
+
+Each script's docs page has its own settings.json snippet. The general shape:
+
+```jsonc
+{
+  "hooks": {
+    "<EventName>": [
+      {
+        "matcher": "<ToolName1>|<ToolName2>",
+        "hooks": [
+          { "type": "command", "command": "/abs/path/to/hooks/examples/<script>" }
+        ]
+      }
+    ]
+  }
+}
+```
+
+The `command` field must be an absolute path per CC's hooks contract. Make sure the script is executable.
+
+## CC hooks reference
+
+https://code.claude.com/docs/en/hooks — exit-code semantics, structured output schema, matcher patterns, the full event taxonomy.

package/hooks/examples/worktree-edit-guard.py

@@ -0,0 +1,93 @@
+#!/usr/bin/env python3
+"""PreToolUse hook: refuse Edit/Write/MultiEdit/NotebookEdit calls whose
+target path falls outside the active git worktree root.
+
+Addresses anthropics/claude-code#59628 (worktree sessions can corrupt the
+parent main checkout). See docs/hooks/worktree-edit-guard.md for install.
+
+Exit codes (per CC PreToolUse hook contract):
+  0  pass-through (allow)
+  2  block (CC feeds stderr back to the agent)
+Posture: environmental failures fail open (exit 0); protocol-shape failures
+(missing expected path field on an in-scope tool) fail closed (exit 2)."""
+
+import json
+import os
+import subprocess
+import sys
+
+IN_SCOPE = {"Edit", "Write", "MultiEdit", "NotebookEdit"}
+PATH_FIELD = {"Edit": "file_path", "Write": "file_path",
+              "MultiEdit": "file_path", "NotebookEdit": "notebook_path"}
+
+
+def git(*args, cwd):
+    """Run git; return stripped stdout on success, None on any failure."""
+    try:
+        r = subprocess.run(("git",) + args, cwd=cwd, timeout=2,
+                           capture_output=True, text=True, check=False)
+        return r.stdout.strip() if r.returncode == 0 else None
+    except (subprocess.TimeoutExpired, OSError):
+        return None
+
+
+def worktree_root(cwd):
+    """Return the worktree root if cwd is inside a linked worktree, else None.
+
+    Detection: realpath-equality of --git-dir and --git-common-dir. They are
+    equal in a regular checkout (from any depth) and differ inside a linked
+    worktree. Compare realpaths because --git-common-dir returns paths
+    relative to cwd, so raw string compare breaks below the repo root."""
+    top = git("rev-parse", "--show-toplevel", cwd=cwd)
+    gd = git("rev-parse", "--git-dir", cwd=cwd)
+    gcd = git("rev-parse", "--git-common-dir", cwd=cwd)
+    if not (top and gd and gcd):
+        return None
+    if os.path.realpath(os.path.join(cwd, gd)) == os.path.realpath(os.path.join(cwd, gcd)):
+        return None
+    return os.path.realpath(top)
+
+
+def resolved_target(target):
+    """Realpath the target. If the target exists (including as a broken
+    symlink), realpath it directly so a target that IS a symlink resolves
+    to its destination (not back to itself). If it doesn't exist, fall
+    back to realpath(parent_dir) + basename so a symlinked PARENT still
+    gets caught even when the leaf will be created by the tool."""
+    if os.path.lexists(target):
+        return os.path.realpath(target)
+    return os.path.join(os.path.realpath(os.path.dirname(target)),
+                        os.path.basename(target))
+
+
+def main():
+    try:
+        payload = json.load(sys.stdin)
+    except (json.JSONDecodeError, ValueError):
+        return 0  # fail-open: malformed input is an environmental fault
+    tool = payload.get("tool_name")
+    if tool not in IN_SCOPE:
+        return 0
+    field = PATH_FIELD[tool]
+    target = (payload.get("tool_input") or {}).get(field)
+    if not isinstance(target, str) or not target:
+        sys.stderr.write(f"worktree-edit-guard: refusing {tool} — "
+                         f"missing tool_input.{field}.\n")
+        return 2  # fail-closed: protocol-shape mismatch
+    cwd = payload.get("cwd") or os.getcwd()
+    root = worktree_root(cwd)
+    if root is None:
+        return 0  # not in a linked worktree; nothing to enforce
+    if not os.path.isabs(target):
+        target = os.path.join(cwd, target)
+    abs_target = resolved_target(target)
+    if abs_target == root or abs_target.startswith(root + os.sep):
+        return 0
+    sys.stderr.write(f"worktree-edit-guard: refusing {tool} on {abs_target} — "
+                     f"outside worktree {root}. Use a path inside the worktree, "
+                     f"or disable this hook in settings.json.\n")
+    return 2
+
+
+if __name__ == "__main__":
+    sys.exit(main())

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-code-cache-fix",
-  "version": "3.7.1",
+  "version": "3.9.0",
   "description": "Cache optimization proxy and interceptor for Claude Code. Fixes prompt cache bugs, stabilizes prefix, reduces quota burn.",
   "type": "module",
   "exports": {
@@ -15,6 +15,7 @@
     "preload.mjs",
     "postinstall.js",
     "tools/",
+    "hooks/",
     "claude-fixed.bat",
     "proxy/",
     "bin/",

package/proxy/extensions/auto-1m-guard.mjs

@@ -0,0 +1,117 @@
+// auto-1m-guard — detect/warn/strip the 1M-context beta token on outbound
+// requests. Addresses anthropics/claude-code#64919 (VS Code Extension forcing
+// 1M context on Pro Plan).
+//
+// Binary-walk (CC v2.1.148 / v2.1.161 — same code body, names churned):
+//   sL→kJ:  function strips /\[(1|2)m\]/gi from the model string
+//   W2→bZ:  gates 1M-beta inclusion on /\[1m\]/i.test(model)
+//   xKH→E9H: kill switch keys off CLAUDE_CODE_DISABLE_1M_CONTEXT
+// CC always applies the sanitizer at messages.create call sites:
+//   messages.create({...J, model: kJ(J.model)})
+// So req.body.model NEVER carries [1m] on the wire — the proxy-visible
+// signal is the anthropic-beta REQUEST HEADER carrying context-1m-2025-08-07.
+//
+// Three modes (env: CACHE_FIX_AUTO_1M_GUARD):
+//   off    no-op
+//   warn   (default) stash _auto1mGuard annotation + stderr line; no mutation
+//   strip  also remove context-1m-2025-08-07 from the anthropic-beta header
+//
+// Order 520: after ttl-management (500) and before thinking-block-sanitize
+// (550) / session-health (590) / cache-telemetry (600). The stashed flat
+// object at ctx.meta._auto1mGuard is spread top-level into the per-session
+// JSON by cache-telemetry, matching the _sessionHealth / _thinkingSanitize
+// pattern.
+//
+// See docs/directives/proxy-auto-1m-guard.md.
+
+const BETA_TOKEN_1M = "context-1m-2025-08-07";
+const HEADER_NAME = "anthropic-beta";
+const ADVICE =
+  "Outbound request carries the context-1m-2025-08-07 beta header, which enables 1M context. " +
+  "On Pro plans this consumes overage credits immediately. To prevent CC from auto-selecting 1M: " +
+  "set CLAUDE_CODE_DISABLE_1M_CONTEXT=1 in your env, or use /model with a non-[1m] model variant " +
+  "in-session. Strip mode (CACHE_FIX_AUTO_1M_GUARD=strip) intercepts the header at the proxy.";
+
+function modeFromEnv() {
+  const v = process.env.CACHE_FIX_AUTO_1M_GUARD;
+  if (v === "off" || v === "strip") return v;
+  return "warn";
+}
+
+// Case-insensitive read of the anthropic-beta header. Mirrors
+// upstream-change-detection.mjs:200-207. Returns { key, raw } where key is
+// the actual property name found (so the rewrite can replace in-place),
+// or null if absent.
+export function findBetaHeader(headers) {
+  if (!headers) return null;
+  for (const k of Object.keys(headers)) {
+    if (k.toLowerCase() === HEADER_NAME) {
+      return { key: k, raw: headers[k] };
+    }
+  }
+  return null;
+}
+
+// Parse the comma-separated header value into a trimmed token array.
+// Tolerates string or array input.
+export function parseBetaTokens(raw) {
+  if (!raw) return [];
+  if (Array.isArray(raw)) return raw.map(String).map((s) => s.trim()).filter(Boolean);
+  if (typeof raw === "string") return raw.split(",").map((s) => s.trim()).filter(Boolean);
+  return [];
+}
+
+// Pure planner: returns { detected, stripped, tokensAfter } given the
+// parsed token array. Strip removes ALL occurrences (defensive against
+// duplicates introduced by intermediaries).
+export function planSanitizeBetaHeader(tokens, mode) {
+  const detected = tokens.includes(BETA_TOKEN_1M);
+  if (!detected || mode !== "strip") {
+    return { detected, stripped: false, tokensAfter: tokens };
+  }
+  const tokensAfter = tokens.filter((t) => t !== BETA_TOKEN_1M);
+  return { detected, stripped: true, tokensAfter };
+}
+
+// Rejoin tokens with the CC-canonical ", " separator. Empty array → "".
+export function joinBetaTokens(tokens) {
+  return tokens.join(", ");
+}
+
+export default {
+  name: "auto-1m-guard",
+  description:
+    "Detect (warn) or remove (strip) the context-1m-2025-08-07 token from the outbound anthropic-beta header. " +
+    "Addresses CC#64919 (VS Code Extension forcing 1M context on Pro Plan). " +
+    "Modes via CACHE_FIX_AUTO_1M_GUARD: off | warn (default) | strip.",
+  order: 520,
+
+  async onRequest(ctx) {
+    const mode = modeFromEnv();
+    if (mode === "off") return;
+
+    const found = findBetaHeader(ctx.headers);
+    if (!found) return;
+
+    const tokens = parseBetaTokens(found.raw);
+    const plan = planSanitizeBetaHeader(tokens, mode);
+    if (!plan.detected) return;
+
+    if (plan.stripped) {
+      ctx.headers[found.key] = joinBetaTokens(plan.tokensAfter);
+    }
+
+    ctx.meta._auto1mGuard = {
+      auto_1m_detected: true,
+      auto_1m_action: plan.stripped ? "stripped" : "warn",
+      auto_1m_advice: ADVICE,
+    };
+
+    process.stderr.write(
+      `[auto-1m-guard] ${BETA_TOKEN_1M} detected in outbound betas` +
+        (plan.stripped ? " — stripped" : "") +
+        ` — see CACHE_FIX_AUTO_1M_GUARD=strip to intercept. ` +
+        `Set CLAUDE_CODE_DISABLE_1M_CONTEXT=1 to prevent CC from sending it.\n`,
+    );
+  },
+};

package/proxy/extensions/cache-telemetry.mjs

@@ -49,6 +49,13 @@ export function sessionFilename(rawId) {
   return "inv-" + createHash("sha256").update(s).digest("hex").slice(0, 16);
 }
 
+// Full path to the per-session file for a raw session id. Exported so sibling
+// extensions (e.g. session-health) can READ the prior state this writer wrote,
+// using the identical filename rule — reuse, not duplicate.
+export function sessionFilePath(rawId) {
+  return join(paths().sessionsDir, `${sessionFilename(rawId)}.json`);
+}
+
 function resolveSessionId(headers) {
   if (!headers) return null;
   const sid =
@@ -222,6 +229,18 @@ export default {
             hit_rate: hitRate,
             timestamp,
           },
+          // Additive session-health fields (session-health extension, order
+          // 590, stashes these before this writer runs). Optional — absent if
+          // that extension is disabled or produced nothing this request.
+          ...(ctx.meta._sessionHealth || {}),
+          // Additive thinking-block-sanitize drop count (order 550, opt-in).
+          // Optional — absent unless CACHE_FIX_THINKING_SANITIZE=on.
+          ...(ctx.meta._thinkingSanitize || {}),
+          // Additive auto-1m-guard annotation (order 520). Optional — absent
+          // unless the outbound request carried context-1m-2025-08-07 and the
+          // mode wasn't off. Keys: auto_1m_detected / auto_1m_action /
+          // auto_1m_advice.
+          ...(ctx.meta._auto1mGuard || {}),
           timestamp,
           session_id: rawSid,
         },

package/proxy/extensions/session-health.mjs

@@ -0,0 +1,152 @@
+import { readFileSync } from "node:fs";
+import { sessionFilename, sessionFilePath } from "./cache-telemetry.mjs";
+
+// session-health — read-only early-warning for the CC thinking-desync wedge
+// (anthropics/claude-code#63147). Long-running Opus 4.7 [1m] sessions grow
+// their live context until CC's own history reconstruction desyncs a
+// thinking-block signature, producing a permanent 400 on every subsequent
+// turn. This extension OBSERVES (never mutates the body) and records the
+// conditions that correlate with the trip, plus emits a one-time stderr warn
+// so the operator can retire the session deliberately before it dies.
+//
+// It hands its computed fields to the existing per-session writer
+// (cache-telemetry, order 600) via ctx.meta._sessionHealth; cache-telemetry
+// merges them into the single per-session JSON write. This extension never
+// writes that file itself (single-writer invariant).
+
+const THINKING_TYPES = new Set(["thinking", "redacted_thinking"]);
+
+const DEFAULT_WARN_TOKENS = 250_000;
+const DEFAULT_HIGH_TOKENS = 340_000; // just under the observed ~382K trip
+
+// --- Module-scope state ---
+// Cross-request accumulators, seeded once-per-process from the prior persisted
+// file so first_seen / max / count stay accurate across the proxy restarts
+// that multi-week sessions inevitably span.
+const sessionState = new Map(); // key -> { firstSeen, max, count }
+// Sessions already given the one-time "high" stderr warn this process.
+const warnedSessions = new Set();
+
+function parseTokenEnv(raw, def) {
+  if (raw === undefined || raw === "") return def;
+  const n = Number(raw);
+  return Number.isFinite(n) && n >= 0 ? n : def;
+}
+
+// Exported for unit testing.
+export function loadConfig(env = process.env) {
+  return {
+    warnTokens: parseTokenEnv(env.CACHE_FIX_THINKING_RISK_WARN_TOKENS, DEFAULT_WARN_TOKENS),
+    highTokens: parseTokenEnv(env.CACHE_FIX_THINKING_RISK_HIGH_TOKENS, DEFAULT_HIGH_TOKENS),
+    enabled: env.CACHE_FIX_THINKING_RISK !== "off",
+  };
+}
+
+export function countThinkingBlocks(body) {
+  if (!body || !Array.isArray(body.messages)) return 0;
+  let n = 0;
+  for (const msg of body.messages) {
+    if (!Array.isArray(msg.content)) continue;
+    for (const block of msg.content) {
+      if (block && THINKING_TYPES.has(block.type)) n++;
+    }
+  }
+  return n;
+}
+
+export function computeContextTokens(cacheStats) {
+  if (!cacheStats) return 0;
+  return (
+    (cacheStats.inputTokens || 0) +
+    (cacheStats.cacheRead || 0) +
+    (cacheStats.cacheCreation || 0)
+  );
+}
+
+export function computeRisk(contextTokens, { warnTokens, highTokens }) {
+  if (contextTokens >= highTokens) return "high";
+  if (contextTokens >= warnTokens) return "warn";
+  return "ok";
+}
+
+function seedFromFile(rawSid, now) {
+  let prev = null;
+  try {
+    prev = JSON.parse(readFileSync(sessionFilePath(rawSid), "utf8"));
+  } catch {}
+  return {
+    firstSeen: typeof prev?.first_seen === "string" ? prev.first_seen : now,
+    max: Number.isFinite(prev?.thinking_block_max) ? prev.thinking_block_max : 0,
+    count: Number.isFinite(prev?.request_count) ? prev.request_count : 0,
+  };
+}
+
+export default {
+  name: "session-health",
+  description:
+    "Observe per-session thinking-desync risk (context size + thinking-block count) and warn before the session reaches the danger zone. Read-only; never mutates the body.",
+  order: 590, // after request-body mutators (so the count is the forwarded body), before the writer (cache-telemetry, 600)
+
+  async onRequest(ctx) {
+    // Count thinking blocks in the (near-final) forwarded body. Session id is
+    // resolved by cache-telemetry's onRequest (order 600), which runs AFTER
+    // this hook — so we don't read the session id here; we read it in
+    // onStreamEvent, by which time it is set.
+    ctx.meta._thinkingBlockCount = countThinkingBlocks(ctx.body);
+  },
+
+  async onStreamEvent(ctx) {
+    const { event } = ctx;
+    if (!event || event.type !== "message_delta") return;
+    // Once per response, regardless of how many message_delta events arrive.
+    if (ctx.meta._sessionHealthDone) return;
+    ctx.meta._sessionHealthDone = true;
+
+    const now = new Date().toISOString();
+    const rawSid = ctx.meta._sessionId ?? null;
+    const key = sessionFilename(rawSid);
+    const thinkingBlockCount = ctx.meta._thinkingBlockCount || 0;
+    const contextTokens = computeContextTokens(ctx.meta.cacheStats);
+
+    let st = sessionState.get(key);
+    if (!st) {
+      st = seedFromFile(rawSid, now);
+      sessionState.set(key, st);
+    }
+    st.count += 1;
+    st.max = Math.max(st.max, thinkingBlockCount);
+
+    const health = {
+      context_tokens: contextTokens,
+      thinking_block_count: thinkingBlockCount,
+      thinking_block_max: st.max,
+      first_seen: st.firstSeen,
+      request_count: st.count,
+    };
+
+    const cfg = loadConfig();
+    if (cfg.enabled) {
+      const risk = computeRisk(contextTokens, cfg);
+      health.thinking_desync_risk = risk;
+      if (risk === "high" && !warnedSessions.has(key)) {
+        warnedSessions.add(key);
+        const sidLabel = rawSid || "unknown";
+        process.stderr.write(
+          `[session-health] session ${sidLabel} high thinking-desync risk: ` +
+            `context_tokens=${contextTokens} (>= ${cfg.highTokens}), ` +
+            `thinking_block_count=${thinkingBlockCount}. ` +
+            `Consider retiring this session (write SESSION_STATE + /clear).\n`,
+        );
+      }
+    }
+
+    // Hand off to cache-telemetry (order 600) to persist in its single write.
+    ctx.meta._sessionHealth = health;
+  },
+
+  // Test-only: reset module state between tests.
+  __resetForTests() {
+    sessionState.clear();
+    warnedSessions.clear();
+  },
+};

package/proxy/extensions/thinking-block-sanitize.mjs

@@ -0,0 +1,130 @@
+// thinking-block-sanitize — request-path mitigation for the CC thinking-desync
+// wedge (anthropics/claude-code#63147). On replay paths (resume / --continue /
+// auto-compaction / parallel-tool-cancel), CC re-sends prior assistant turns'
+// thinking in the OMITTED shape `{ type:"thinking", thinking:"", signature }`.
+// The API rejects modified thinking in the *latest* assistant message with a
+// permanent 400, which wedges the session. This extension drops the omitted
+// thinking blocks the API treats as optional, before the request is forwarded.
+//
+// Resolved turn-selection rule (directive Open Question 1, empirical capture):
+//   - drop omitted thinking from ALL prior assistant turns, AND
+//   - from the LATEST assistant turn UNLESS it is an active tool-continuation
+//     (last block is a tool_use with a following tool_result) — that case is
+//     uncoverable by the proxy (the API needs the signed thinking for the
+//     pending tool call; we can't restore the emptied text). No env var both
+//     preserves thinking and avoids the wedge there — CLAUDE_CODE_DISABLE_THINKING=1
+//     / MAX_THINKING_TOKENS=0 stop it only by disabling thinking entirely
+//     (lossy); DISABLE_INTERLEAVED_THINKING=1 does NOT stop the 400 — so the
+//     answer for that case is don't-resume + heal/retire.
+// Never touches non-empty thinking, and never touches redacted_thinking (v1).
+//
+// OPT-IN for v1: only runs when CACHE_FIX_THINKING_SANITIZE=on (default off) —
+// it mutates request bodies and its coverage is not yet live-validated.
+//
+// Order 550: after the request-body mutators (ttl-management 500) and before
+// session-health (590), so #160's thinking_block_count reflects the forwarded
+// body. The per-request drop count is exposed via ctx.meta._thinkingSanitize
+// for cache-telemetry (600) to merge into the per-session JSON.
+
+export function isOmittedThinking(block) {
+  return (
+    !!block &&
+    block.type === "thinking" &&
+    typeof block.thinking === "string" &&
+    block.thinking.trim() === ""
+  );
+}
+
+function answersToolUse(msg, toolUseId) {
+  return (
+    !!msg &&
+    Array.isArray(msg.content) &&
+    msg.content.some(
+      (b) => b && b.type === "tool_result" && b.tool_use_id === toolUseId,
+    )
+  );
+}
+
+// The latest assistant message is an active tool-continuation when its terminal
+// block is a `tool_use` that is *paired with* — i.e. answered by — a following
+// `tool_result` carrying the same `tool_use_id`. Only then does the API require
+// that turn's thinking intact, so only then must we leave it untouched. Matching
+// the id (not merely the presence of any later tool_result) keeps the guard as
+// narrow as the approved rule: an unanswered terminal tool_use, or a later
+// tool_result that answers a *different* call, is not the protected case.
+export function isActiveToolContinuation(messages, idx) {
+  const msg = messages[idx];
+  if (!msg || !Array.isArray(msg.content) || msg.content.length === 0) return false;
+  const last = msg.content[msg.content.length - 1];
+  if (!last || last.type !== "tool_use" || !last.id) return false;
+  for (let j = idx + 1; j < messages.length; j++) {
+    if (answersToolUse(messages[j], last.id)) return true;
+  }
+  return false;
+}
+
+function latestAssistantIndex(messages) {
+  for (let i = messages.length - 1; i >= 0; i--) {
+    if (messages[i] && messages[i].role === "assistant") return i;
+  }
+  return -1;
+}
+
+// Pure planner: returns { messages, dropped }. Does not mutate the input.
+// `messages` is the new array (a message that loses all content is dropped).
+export function planSanitize(messages) {
+  if (!Array.isArray(messages)) return { messages, dropped: 0 };
+  const latestAsst = latestAssistantIndex(messages);
+  const protectLatest = latestAsst >= 0 && isActiveToolContinuation(messages, latestAsst);
+
+  let dropped = 0;
+  let changed = false;
+  const out = [];
+  for (let i = 0; i < messages.length; i++) {
+    const msg = messages[i];
+    if (!msg || msg.role !== "assistant" || !Array.isArray(msg.content)) {
+      out.push(msg);
+      continue;
+    }
+    if (i === latestAsst && protectLatest) {
+      out.push(msg); // active continuation — leave its thinking intact
+      continue;
+    }
+    const kept = msg.content.filter((b) => {
+      if (isOmittedThinking(b)) {
+        dropped++;
+        return false;
+      }
+      return true;
+    });
+    if (kept.length === msg.content.length) {
+      out.push(msg); // unchanged
+    } else if (kept.length === 0) {
+      changed = true; // message became empty → drop it entirely
+    } else {
+      out.push({ ...msg, content: kept });
+      changed = true;
+    }
+  }
+  return { messages: changed ? out : messages, dropped };
+}
+
+export default {
+  name: "thinking-block-sanitize",
+  description:
+    "Drop omitted (empty-text) thinking blocks from prior assistant turns and the latest non-continuation turn, to head off the CC thinking-desync 400 (#63147). Opt-in via CACHE_FIX_THINKING_SANITIZE=on.",
+  order: 550,
+
+  async onRequest(ctx) {
+    if (process.env.CACHE_FIX_THINKING_SANITIZE !== "on") return;
+    const body = ctx.body;
+    if (!body || !Array.isArray(body.messages)) return;
+
+    const { messages, dropped } = planSanitize(body.messages);
+    if (dropped > 0) body.messages = messages;
+
+    // Counts only — never content. Exposed for cache-telemetry to persist and
+    // for the #160 session-health signal.
+    ctx.meta._thinkingSanitize = { thinking_blocks_dropped: dropped };
+  },
+};

package/proxy/extensions/ttl-management.mjs

@@ -10,7 +10,17 @@ function detectRequestType(system) {
   return isSubagent ? "subagent" : "main";
 }
 
+// Thinking and redacted_thinking blocks must be returned to the API byte-identical
+// to the original model response — the API validates them and rejects any
+// modification with "thinking blocks ... cannot be modified" (a 400 on the whole
+// request). On Opus 4.7 interleaved thinking, CC can place a cache_control
+// breakpoint on a thinking block; injecting a ttl there would mutate the block
+// and break the request. Skip them — the marginal TTL benefit on one breakpoint
+// is never worth corrupting a thinking turn.
+const PROTECTED_BLOCK_TYPES = new Set(["thinking", "redacted_thinking"]);
+
 function injectTtl(block, ttlParam) {
+  if (block && PROTECTED_BLOCK_TYPES.has(block.type)) return block;
   if (block.cache_control?.type === "ephemeral" && !block.cache_control.ttl) {
     return { ...block, cache_control: { ...block.cache_control, ttl: ttlParam } };
   }