
fix: prevent 401s when claude-code drops oauth-2025-04-20 from anthropic-beta #3

Open
daniel-rudaev wants to merge 1 commit into KarpelesLab:master from D1DX:master


@daniel-rudaev

Problem

Claude Code 2.1.121+ has an upstream regression where its request-builder occasionally omits oauth-2025-04-20 from the outgoing anthropic-beta header — most reliably on large requests (~280 KB body) with full tool loadout in interactive sessions. When this happens, the Anthropic API responds 401 with the misleading "OAuth authentication is currently not supported" body. teamclaude faithfully forwards what claude-code sent, so the failure surfaces here.

References:

Anthropic shipped a partial fix in 2.1.123 and refactored the beta system in 2.1.126, but real-world load still reproduces the 401.

Fix

On OAuth-account requests, ensure oauth-2025-04-20 is present in anthropic-beta before forwarding upstream. Idempotent — no-op when claude-code includes it correctly. Gated on isOAuth === true so x-api-key flows are untouched. 14 lines (including an 8-line comment block).

if (isOAuth) {
  const REQUIRED_OAUTH_BETA = 'oauth-2025-04-20';
  const betaKey = Object.keys(headers).find(k => k.toLowerCase() === 'anthropic-beta');
  const existing = betaKey ? String(headers[betaKey]).split(',').map(s => s.trim()).filter(Boolean) : [];
  if (!existing.includes(REQUIRED_OAUTH_BETA)) {
    existing.unshift(REQUIRED_OAUTH_BETA);
    headers[betaKey || 'anthropic-beta'] = existing.join(',');
  }
}

Validation

Reproduced + fix verified in production (D1DX):

  • Pre-patch: first VS Code session request reproduced the 401. Outbound anthropic-beta was missing oauth-2025-04-20:
    anthropic-beta: claude-code-20250219,context-1m-2025-08-07,interleaved-thinking-2025-05-14,context-management-2025-06-27,prompt-caching-scope-2026-01-05,advisor-tool-2026-03-01,effort-2025-11-24
    
  • Post-patch: 4 / 5 consecutive responses 200 (the 5th was a 429 rate-limit, unrelated). Header now consistently shows the OAuth gate prepended:
    anthropic-beta: oauth-2025-04-20,claude-code-20250219,context-1m-2025-08-07,...
    

Synthetic-load tests (claude -p "..." with small bodies) did not reliably trigger the bug — only real interactive workloads with large bodies + full tool loadout did. Reproduce with a non-trivial VS Code session if you'd like to verify locally.

Notes

  • Cross-repo PR from D1DX:master since our git-managed workflow is single-branch. Happy to rebase to a feature branch if preferred.
  • Targeting the case where claude-code is the bug source. If/when Anthropic fully fixes their request-builder, this becomes a permanent no-op (idempotent guard).

…pic-beta

Claude Code 2.1.121+ has an upstream regression where its request-builder
occasionally omits `oauth-2025-04-20` from the outgoing `anthropic-beta`
header — most reliably on large requests (~280 KB body) with full tool
loadout in interactive sessions. When this happens, the Anthropic API
responds 401 with the misleading "OAuth authentication is currently not
supported" message. teamclaude faithfully forwards what claude-code sent,
so the failure surfaces here.

Refs: anthropics/claude-code#54235, OpenClaw #41444 (Object.assign source-
order merge clobbers the OAuth gate). Anthropic shipped a partial fix in
2.1.123 and refactored the beta system in 2.1.126, but real-world load
still reproduces the 401.

This patch defends teamclaude users from the upstream bug: on OAuth-account
requests, ensure `oauth-2025-04-20` is present in `anthropic-beta` before
forwarding. Idempotent (no-op when claude-code includes it correctly).
Gated on `isOAuth=true` so x-api-key flows are untouched. 14 LOC including
an 8-line comment block.

Validation in production:
- Pre-patch: first VS Code session request reproduced the 401.
- Post-patch: 4/5 consecutive responses 200 (the 5th was a 429 rate-limit,
  unrelated). Outbound `anthropic-beta` now consistently shows
  `oauth-2025-04-20,claude-code-20250219,context-1m-2025-08-07,...`.
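
An added example, not part of this PR or the teamclaude code base: the same guard written as a pure function that goes beyond the snippet above by merging differently-cased or array-valued `anthropic-beta` headers and by reporting whether the token had to be injected, so the proxy can log how often the upstream client dropped it. The name `ensureOAuthBeta` and the `repaired` flag are assumptions.

```javascript
// Added example; ensureOAuthBeta and the `repaired` flag are hypothetical names.
const REQUIRED_OAUTH_BETA = 'oauth-2025-04-20';

// Returns { headers, repaired }. On OAuth requests the result carries exactly
// one lower-case anthropic-beta key that contains the required token.
function ensureOAuthBeta(headers, isOAuth) {
  // x-api-key flows are returned untouched, as in the PR.
  if (!isOAuth) return { headers, repaired: false };

  const out = {};
  const tokens = [];
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() !== 'anthropic-beta') {
      out[key] = value;
      continue;
    }
    // Repeated headers can arrive as an array; flatten both shapes and
    // drop empty and duplicate tokens while keeping first-seen order.
    const parts = (Array.isArray(value) ? value : [value])
      .flatMap(v => String(v).split(','))
      .map(s => s.trim())
      .filter(Boolean);
    for (const p of parts) {
      if (!tokens.includes(p)) tokens.push(p);
    }
  }

  const repaired = !tokens.includes(REQUIRED_OAUTH_BETA);
  if (repaired) tokens.unshift(REQUIRED_OAUTH_BETA);
  out['anthropic-beta'] = tokens.join(',');
  return { headers: out, repaired };
}

// Constructed sample: a shortened form of the pre-patch header quoted above.
const sample = { 'Anthropic-Beta': 'claude-code-20250219,context-1m-2025-08-07' };
const result = ensureOAuthBeta(sample, true);
console.log(result.repaired, result.headers['anthropic-beta']);
```

Counting requests where `repaired` is true gives an operator a direct measure of how often the upstream regression is still occurring.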