Correct stale headroom OAuth-credential claim in ADR-0023#103
Merged
Conversation
…compose.yml ADR-0023 stated CLAUDE_CODE_OAUTH_TOKEN "does NOT work" with the headroom proxy and that it needs its own ANTHROPIC_API_KEY to perform compression. That was true for an earlier assumption about the proxy's design, but the currently pinned ghcr.io/chopratejas/headroom:latest image (v0.27.0) has since grown an auth-mode classifier that treats Claude Code's OAuth bearer token as a first-class "SUBSCRIPTION" case, forwards it upstream unchanged, and compresses via a local ONNX model rather than a live LLM call — so no proxy-owned credential is needed either way. Verified via direct source read of the running container (proxy/auth_mode.py, proxy/handlers/anthropic.py, transforms/ compression_policy.py) plus a live round trip: two POST /v1/messages requests authenticated with only CLAUDE_CODE_OAUTH_TOKEN (no ANTHROPIC_API_KEY presented) returned genuine 200 responses from real Anthropic infra and were correctly attributed to the claude-code agent in the proxy's own /stats output. Adds a dated addendum to ADR-0023 rather than rewriting the original text, and corrects the docker-compose.yml comment to mark ANTHROPIC_API_KEY as optional for this path. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2 tasks
lsfera
added a commit
that referenced
this pull request
Jul 6, 2026
…#104) Follow-up to #103, which corrected ADR-0023 and the docker-compose.yml comment but missed the README's user-facing "Context compression (headroom)" section — the more prominent doc most adopters actually read. It still claimed ANTHROPIC_API_KEY was required and that OAuth survival through the proxy was unverified; both are now known false per ADR-0023's 2026-07-05 addendum (source-verified + live-tested). Co-authored-by: Claude Sonnet 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
docker-compose.ymlcomment claimedCLAUDE_CODE_OAUTH_TOKENdoesn't work with the headroom compression proxy and that it needs its ownANTHROPIC_API_KEY. That was true against an earlier design assumption, but the pinnedghcr.io/chopratejas/headroom:latestimage (currently v0.27.0) has since added an auth-mode classifier that treats Claude Code's OAuth bearer token as a first-class "SUBSCRIPTION" case and forwards it upstream unchanged — compression runs via a local ONNX model, not a live LLM call, so no proxy-owned credential is needed.docker-compose.ymlcomment.Verification
proxy/auth_mode.py,proxy/handlers/anthropic.py,transforms/compression_policy.py) to confirm the OAuth-passthrough behavior.POST /v1/messagesrequests to the proxy authenticated with onlyCLAUDE_CODE_OAUTH_TOKEN(noANTHROPIC_API_KEYin the request) — both returned genuine200s from real Anthropic infra, correctly attributed to theclaude-codeagent in the proxy's own/stats.🤖 Generated with Claude Code