feat(anthropic): Track A core protocol parity for /claude messages

[joeblack2k]

Summary

Part of #114 and implements Track A from #115.

This PR introduces Anthropic core protocol support with API-first routing:

• POST /claude/v1/messages -> Anthropic API transport (default)
• POST /claude-sdk/v1/messages -> Claude SDK transport
• Anthropic-compatible error envelope and streaming behavior wired through dedicated Anthropic module
• API-key guardrails and model access checks on Anthropic routes
• OAuth refresh retry logic for API transport, including revoked-token 403 recovery path

Why

We need a focused, reviewable baseline for Claude compatibility without bundling full dashboard/runtime/UI changes in one mega-PR. This slice establishes the protocol surface that Claude-style clients depend on.

Validation

Executed locally on this branch:

• uv run ruff check app/modules/anthropic app/core/clients/anthropic_api_proxy.py app/core/clients/anthropic_proxy.py tests/unit/test_anthropic_api_proxy.py tests/integration/test_anthropic_messages_api.py
• uv run pytest tests/unit/test_anthropic_api_proxy.py tests/unit/test_anthropic_credentials.py tests/unit/test_anthropic_service.py tests/integration/test_anthropic_messages_api.py

Result: all checks/tests passed.

Risks

• Introduces new Anthropic route/module surface; interaction with account selection and wider usage schedulers still needs follow-up hardening in Track B/C.
• SDK transport remains present but this PR is scoped to protocol baseline.

Rollback

• Standard rollback by reverting this PR commit range.
• No schema migration changes are included in this slice.

Rollout policy (important)

• Canary-only validation first.
• Do not promote to main/live without explicit approval.

[joeblack2k]

Update from this weekend’s canary->main rollout and incident fixes.

What was pushed to this PR branch:

• fa4cbb7 serve neutral root landing page; keep dashboard on /dashboard
• 04add69 fix(responses): resolve item_reference locally when store=false
• 2b5bed4 fix(responses): drop top-level reasoning artifacts from replay input

Why:

• OpenClaw sessions intermittently failed with:
  • HTTP 404 ... Item with id 'rs_*' not found ... store=false
• Root cause was mixed replay shapes (item_reference and top-level reasoning artifacts) being forwarded upstream.

Validation performed:

• Canary deployed and probed first.
• Main promoted only after canary health and API probes passed.
• Public endpoint verified after switch-back to main.

Important scope note:

• Claude Desktop “custom deployment” currently loads the root web page (expected behavior in this implementation).
• This PR improves Claude API/bridge compatibility but is not a full Claude Desktop webapp clone.

Next follow-up proposed:

• Add explicit tests for type=reasoning replay sanitization in /v1/responses compatibility path.
• Document Desktop custom-deployment limitation + recommended local shim approach.

[joeblack2k]

Follow-up from requested cleanup is now pushed.

Added:

• Integration regression test for top-level replay artifacts:
  • test_v1_responses_drops_top_level_reasoning_artifact_items
  • Ensures {"type":"reasoning","id":"rs_*"} input items are dropped before upstream forwarding.
• README clarification for Claude Desktop custom deployment behavior and local shim strategy.

Validation:

• uv run pytest -q tests/integration/test_proxy_responses.py -k "reasoning"
• Result: 2 passed