fix(v2.9.7): active Claude-CLI auth probe + 401 on cli auth failure

.dockerignore

@@ -0,0 +1,53 @@
+# Version control
+.git
+.gitignore
+.gitattributes
+
+# Python build / runtime caches
+__pycache__
+*.py[cod]
+*$py.class
+*.egg-info
+.pytest_cache
+.hypothesis
+.mypy_cache
+.ruff_cache
+.coverage
+coverage.xml
+htmlcov
+
+# Local virtualenvs (Dockerfile creates its own via Poetry)
+.venv
+venv
+env
+
+# Local-only config and secrets
+.env
+.env.*
+!.env.example
+*.pem
+*.key
+*.pfx
+id_rsa*
+credentials*
+secrets*
+
+# Tests / docs / examples are not needed at runtime
+tests
+docs
+examples
+
+# Editor / OS cruft
+.DS_Store
+.idea
+.vscode
+*.swp
+*~
+
+# CI / local tooling state
+.github
+.claude
+
+# Planning / local notes
+plans
+*.tmp

.env.example

@@ -25,8 +25,36 @@ MAX_TIMEOUT=600000
 CORS_ORIGINS=["*"]
 
 # Model Configuration
-# Default Claude model to use when none specified in request
-DEFAULT_MODEL=claude-sonnet-4-5-20250929
+# Default Claude model to use when none specified in request.
+# When unset AND ANTHROPIC_API_KEY is configured, the wrapper resolves the
+# latest Sonnet from Anthropic's live Models API at startup. Otherwise it
+# falls back to claude-sonnet-4-6.
+# DEFAULT_MODEL=claude-sonnet-4-6
+
+# Speed/cost-optimized model alias.
+# FAST_MODEL=claude-haiku-4-5-20251001
+
+# Model Discovery (optional)
+# ANTHROPIC_API_KEY unlocks two best-effort enhancements:
+#   1. /v1/models returns Anthropic's live model list (cached for 1 hour)
+#   2. DEFAULT_MODEL resolves to the latest Sonnet at startup
+# It is NOT required to run the wrapper - Bedrock, Vertex, and Claude CLI
+# subscription auth all work without it; /v1/models then returns the static
+# fallback list.
+# ANTHROPIC_API_KEY=sk-ant-...
+
+# Pin the advertised model list. Takes precedence over both live and static.
+# CLAUDE_MODELS_OVERRIDE=claude-sonnet-4-6,claude-opus-4-6
+
+# Cache TTL for live /v1/models results (seconds).
+# MODEL_LIST_CACHE_TTL_SECONDS=3600
+
+# Short cache TTL when the live fetch fails so transient outages don't
+# suppress live discovery for the full hour.
+# MODEL_LIST_ERROR_TTL_SECONDS=60
+
+# HTTP timeout for the live model fetch.
+# MODEL_LIST_REQUEST_TIMEOUT_SECONDS=5
 
 # Rate Limiting Configuration
 RATE_LIMIT_ENABLED=true

.github/dependabot.yml

@@ -0,0 +1,49 @@
+version: 2
+updates:
+  # Python dependencies via Poetry. claude-agent-sdk ships on a fast
+  # cadence (47 patch releases between 0.1.18 and 0.1.65 in the window
+  # covered by CHANGELOG 2.9.0); weekly checks keep the drift bounded
+  # without drowning review in daily PRs.
+  - package-ecosystem: pip
+    directory: "/"
+    schedule:
+      interval: weekly
+      day: monday
+      time: "06:00"
+      timezone: Etc/UTC
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - python
+    commit-message:
+      prefix: "chore(deps)"
+      include: scope
+    groups:
+      # Group minor/patch bumps so the review queue stays short.
+      python-minor-patch:
+        patterns:
+          - "*"
+        update-types:
+          - minor
+          - patch
+    # claude-agent-sdk stays exact-pinned on purpose (see pyproject.toml).
+    # Do not let Dependabot widen the constraint - it must only propose
+    # a new exact pin.
+    ignore: []
+
+  # GitHub Actions versions (actions/checkout, codecov/codecov-action,
+  # snok/install-poetry, etc). Weekly keeps supply-chain drift bounded.
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: weekly
+      day: monday
+      time: "06:00"
+      timezone: Etc/UTC
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - github-actions
+    commit-message:
+      prefix: "chore(ci)"
+      include: scope

.github/workflows/check-sdk-version.yml

@@ -0,0 +1,181 @@
+name: Check claude-agent-sdk version
+
+# Belt-and-suspenders on top of Dependabot: every Monday, fetch the
+# latest claude-agent-sdk release from PyPI and compare to the pin in
+# pyproject.toml. If we are behind, open a draft PR with the pin bump
+# and regenerated poetry.lock so a human reviewer just adds the version
+# bump + CHANGELOG entry before merging. Also runnable manually.
+#
+# Idempotent: skips PR creation when an open PR for that head branch
+# already exists. Job summary fallback runs unconditionally on drift
+# so the run page always carries the version delta even if PR creation
+# can't run (existing PR, branch conflict, etc.).
+#
+# Workflow injection notes: schedule + workflow_dispatch are the only
+# event sources, so no user-controlled event payload is involved. The
+# values flowing into run blocks (pinned, latest, branch) are derived
+# from pyproject.toml and pypi.org JSON, and are passed via env: so
+# they never reach the shell via ${{ }} expression interpolation.
+
+on:
+  schedule:
+    - cron: "0 14 * * 1" # Mondays 14:00 UTC
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Compare pinned SDK vs latest PyPI release
+        id: compare
+        run: |
+          set -euo pipefail
+
+          pinned=$(python3 -c '
+          import re, pathlib
+          text = pathlib.Path("pyproject.toml").read_text()
+          m = re.search(r"claude-agent-sdk\s*=\s*(?:\"([^\"]+)\"|\{version\s*=\s*\"([^\"]+)\")", text)
+          if not m:
+              raise SystemExit("Could not find claude-agent-sdk pin in pyproject.toml")
+          print((m.group(1) or m.group(2)).lstrip("^~="))
+          ')
+
+          latest=$(curl -sSf https://pypi.org/pypi/claude-agent-sdk/json | python3 -c 'import json,sys; print(json.load(sys.stdin)["info"]["version"])')
+
+          echo "pinned=$pinned" >> "$GITHUB_OUTPUT"
+          echo "latest=$latest" >> "$GITHUB_OUTPUT"
+
+          if [ "$pinned" = "$latest" ]; then
+            echo "up_to_date=true" >> "$GITHUB_OUTPUT"
+            echo "claude-agent-sdk pin $pinned matches latest PyPI release."
+          else
+            echo "up_to_date=false" >> "$GITHUB_OUTPUT"
+            echo "::warning::claude-agent-sdk pin ($pinned) is behind latest PyPI release ($latest)."
+          fi
+
+      - name: Set up Python
+        if: steps.compare.outputs.up_to_date == 'false'
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install Poetry
+        if: steps.compare.outputs.up_to_date == 'false'
+        run: pipx install poetry==2.3.4
+
+      - name: Check for existing bump PR
+        id: existing
+        if: steps.compare.outputs.up_to_date == 'false'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          LATEST: ${{ steps.compare.outputs.latest }}
+        run: |
+          set -euo pipefail
+          branch="chore/sdk-bump-${LATEST}"
+          echo "branch=$branch" >> "$GITHUB_OUTPUT"
+          if [ -n "$(gh pr list --state open --head "$branch" --json number --jq '.[0].number')" ]; then
+            echo "exists=true" >> "$GITHUB_OUTPUT"
+            echo "An open PR already exists for $branch; skipping create step."
+          else
+            echo "exists=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Bump pin, regenerate lock, and open draft PR
+        if: steps.compare.outputs.up_to_date == 'false' && steps.existing.outputs.exists == 'false'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PINNED: ${{ steps.compare.outputs.pinned }}
+          LATEST: ${{ steps.compare.outputs.latest }}
+          BRANCH: ${{ steps.existing.outputs.branch }}
+        run: |
+          set -euo pipefail
+
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git checkout -b "$BRANCH"
+
+          python3 - <<'PY'
+          import os, pathlib, re
+          latest = os.environ["LATEST"]
+          path = pathlib.Path("pyproject.toml")
+          text = path.read_text()
+          # Prefer the table form first (which carries the [otel] extras).
+          table_pat = re.compile(
+              r'(claude-agent-sdk\s*=\s*\{[^}]*version\s*=\s*")[^"]+(")'
+          )
+          new_text, n = table_pat.subn(r'\g<1>' + latest + r'\g<2>', text, count=1)
+          if n == 0:
+              # Fall back to the plain-string form.
+              string_pat = re.compile(r'(claude-agent-sdk\s*=\s*")[^"]+(")')
+              new_text, n = string_pat.subn(r'\g<1>' + latest + r'\g<2>', text, count=1)
+          if n == 0:
+              raise SystemExit("Failed to update claude-agent-sdk pin in pyproject.toml")
+          path.write_text(new_text)
+          PY
+
+          poetry lock --no-interaction
+
+          git add pyproject.toml poetry.lock
+          git commit -m "chore(deps): bump claude-agent-sdk $PINNED -> $LATEST"
+          git push origin "$BRANCH"
+
+          gh pr create \
+            --draft \
+            --base main \
+            --head "$BRANCH" \
+            --title "chore(deps): bump claude-agent-sdk $PINNED -> $LATEST" \
+            --body "Automated bump opened by the \`Check claude-agent-sdk version\` workflow.
+
+          Bumps the SDK pin in \`pyproject.toml\` from \`$PINNED\` to \`$LATEST\` and regenerates \`poetry.lock\`. Scope is deliberately limited to the pin + lock so the human reviewer owns the release coordination.
+
+          References:
+          - Release notes: https://github.com/anthropics/claude-agent-sdk-python/releases/tag/v$LATEST
+          - Full changelog: https://github.com/anthropics/claude-agent-sdk-python/compare/v$PINNED...v$LATEST
+          - PyPI: https://pypi.org/project/claude-agent-sdk/$LATEST/
+
+          Reviewer checklist before merging:
+
+          - [ ] Bump version in \`pyproject.toml\` \`[tool.poetry] version\` and \`src/__init__.py\`
+          - [ ] Add a new \`## [x.y.z]\` section to \`CHANGELOG.md\` describing this bump
+          - [ ] Confirm the \`[otel]\` extra is still present on the pin (the SDK unconditionally imports \`opentelemetry.propagate\`)
+          - [ ] Push an empty commit (\`git commit --allow-empty\`) so the test matrix fires: PRs opened with the default \`GITHUB_TOKEN\` do not trigger downstream \`pull_request\` workflow runs by design
+          - [ ] Confirm all CI checks pass
+
+          Mark the PR ready for review once the items above are in place."
+
+      - name: Write drift summary
+        if: steps.compare.outputs.up_to_date == 'false'
+        env:
+          PINNED: ${{ steps.compare.outputs.pinned }}
+          LATEST: ${{ steps.compare.outputs.latest }}
+          BRANCH: ${{ steps.existing.outputs.branch }}
+          PR_EXISTS: ${{ steps.existing.outputs.exists }}
+        run: |
+          set -euo pipefail
+          {
+            echo "## claude-agent-sdk drift"
+            echo
+            echo "| | Version |"
+            echo "|---|---|"
+            echo "| Pinned | \`$PINNED\` |"
+            echo "| Latest on PyPI | \`$LATEST\` |"
+            echo
+            if [ "$PR_EXISTS" = "true" ]; then
+              echo "An open PR for branch \`$BRANCH\` already exists; no new PR was opened."
+            else
+              echo "Opened draft PR on branch \`$BRANCH\`."
+            fi
+            echo
+            echo "Release notes: https://github.com/anthropics/claude-agent-sdk-python/releases/tag/v$LATEST"
+            echo "Full changelog: https://github.com/anthropics/claude-agent-sdk-python/compare/v$PINNED...v$LATEST"
+            echo "PyPI: https://pypi.org/project/claude-agent-sdk/$LATEST/"
+            echo
+            echo "The SDK unconditionally imports \`opentelemetry.propagate\`, so keep the \`[otel]\` extra on the pin."
+          } >> "$GITHUB_STEP_SUMMARY"

.github/workflows/ci.yml

@@ -6,11 +6,24 @@ on:
   pull_request:
     branches: [main]
 
+# Minimum GITHUB_TOKEN scope the jobs need. The Codecov upload reads a
+# separate CODECOV_TOKEN from repo secrets; it does not need a broader
+# GITHUB_TOKEN scope.
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest
+    # Hard ceiling so a hung pytest or stalled Poetry install can't chew
+    # through minutes silently.
+    timeout-minutes: 15
     strategy:
+      # Don't cancel the rest of the matrix when one Python fails - we want
+      # to see whether a regression is specific to a single interpreter.
+      fail-fast: false
       matrix:
+        # pyproject.toml pins python = "^3.10"; test every supported minor.
         python-version: ["3.10", "3.11", "3.12"]
 
     steps:
@@ -34,6 +47,13 @@ jobs:
           path: .venv
           key: venv-${{ runner.os }}-${{ matrix.python-version }}-${{ hashFiles('**/poetry.lock') }}
 
+      # Catch lockfile drift early. The project depends on an exact pin of
+      # claude-agent-sdk (see CHANGELOG 2.9.0) so pyproject <-> poetry.lock
+      # disagreement must fail CI rather than silently resolve at install
+      # time.
+      - name: Verify lockfile is in sync
+        run: poetry check --lock
+
       - name: Install dependencies
         if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
         run: poetry install --no-interaction --no-root
@@ -48,11 +68,17 @@ jobs:
         run: poetry run mypy src --ignore-missing-imports
         continue-on-error: true
 
-      - name: Security scan
+      - name: Static security scan (bandit)
         run: poetry run bandit -r src/ -ll -x tests
 
-      - name: Dependency vulnerability scan
-        run: poetry run safety check || true
+      - name: Dependency vulnerability scan (pip-audit)
+        # pip-audit replaces the deprecated `safety check` command. It
+        # reads the installed venv so it matches exactly what will ship.
+        # Non-blocking: Dependabot / Trivy on the built image are the
+        # authoritative gates; this is a fast PR signal.
+        run: |
+          poetry run pip install --quiet pip-audit
+          poetry run pip-audit --strict --progress-spinner off || true
         continue-on-error: true
 
       - name: Run tests