feat(billing): add cch attestation for OAuth requests (#8)

## Summary

Add billing attribution header computation with cch request integrity
hash for OAuth-authenticated API requests. This matches Claude Code's
native client attestation protocol, enabling subscription-tier rate
limits and fast mode access.

The cch mechanism was reverse-engineered from Anthropic's custom Bun
binary ([a10k.co
writeup](https://a10k.co/b/reverse-engineering-claude-code-cch.html)) —
it's xxHash64 with a fixed seed, masked to 5 hex chars. The fingerprint
suffix is SHA-256 of salt + 3 characters from the first user message +
version.

- Add `billing.rs` module: `compute_fingerprint` (SHA-256 suffix),
`build_billing_header` (header assembly with placeholder), `inject_cch`
(xxHash64 body hash + single-occurrence replacement).
- Integrate into `anthropic.rs`: for OAuth, prepend billing header as
the first system block, serialize to string, compute and inject cch
before sending.
- Reorder `CreateMessageRequest` fields so `system` serializes before
`messages`, ensuring the placeholder in the billing header is found
first by `str::replacen` even when tool results contain the literal
`cch=00000`.
- Switch `stream_sse` from `serde_json::Value` + `.json()` to `String` +
`.body()` to support post-serialization cch injection.
- API key auth is unaffected — billing header is only injected for
OAuth.

### Avoiding Claude Code's prompt cache bug

Claude Code's Bun runtime performs a global in-place string mutation of
`cch=` values across the entire request body, including historical tool
results
([anthropics/claude-code#40652](anthropics/claude-code#40652)).
This permanently invalidates prompt cache and wastes 30-50K+ tokens per
turn. Our implementation is structurally immune:

- `inject_cch` takes `&str` (immutable) and returns a new `String` —
Rust's ownership model prevents in-place mutation.
- `str::replacen(..., 1)` replaces only the first occurrence (the
billing header's placeholder).
- The conversation `messages` slice is never modified — it's serialized
fresh each turn.

## Changes

| File | Description |
| ---- | ----------- |
| `Cargo.toml` | Add `sha2 = "0.10"` and `xxhash-rust = { version =
"0.8", features = ["xxh64"] }` to workspace dependencies |
| `crates/oxide-code/Cargo.toml` | Wire up `sha2` and `xxhash-rust` |
| `crates/oxide-code/src/client.rs` | Add `mod billing` |
| `crates/oxide-code/src/client/billing.rs` | New module:
`compute_fingerprint`, `build_billing_header`, `inject_cch` with 8 tests
|
| `crates/oxide-code/src/client/anthropic.rs` | Import `billing`,
`ContentBlock`, `Role`; reorder `CreateMessageRequest` fields (`system`
before `messages`); compute billing header for OAuth in
`stream_message`; switch `stream_sse` body from `Value` to `String`; add
`first_user_text` helper with 4 tests |
| `CLAUDE.md` | Add `billing.rs` to crate structure diagram |
| `docs/research/anthropic-api.md` | Replace "tamper-proof /
unreplicable" characterization with full reverse-engineered algorithm,
constants, known bugs, and oxide-code's approach |

## Test plan

- [x] `cargo fmt --all --check` — clean
- [x] `cargo build` compiles cleanly
- [x] `cargo clippy --all-targets -- -D warnings` — zero warnings
- [x] `cargo test` — 208 tests pass (12 new)
- [x] `cargo llvm-cov --ignore-filename-regex 'main\.rs'` — 87% line
coverage (`billing.rs` at 100%)

Author: hakula139

.cspell/words.txt

@@ -1,4 +1,5 @@
 anthropic
+anthropics
 anyhow
 claudemd
 clippy
@@ -15,6 +16,7 @@ RAII
 ratatui
 replacen
 reqwest
+rfind
 rustls
 serde
 strum
@@ -23,3 +25,4 @@ thiserror
 tokio
 tracing
 venv
+xxhash

CLAUDE.md

@@ -7,42 +7,43 @@ oxide-code is a terminal-based AI coding assistant written in Rust, inspired by
 ### CLI
 
 ```bash
-ox                      # Start an interactive session
+ox     # Start an interactive session
 ```
 
 ### Project Layout
 
 ```text
 .
-├── crates/oxide-code/  # Main binary crate
-├── docs/               # Roadmap and research notes
-└── target/             # Build output
+├── crates/oxide-code/          # Main binary crate
+├── docs/                       # Roadmap and research notes
+└── target/                     # Build output
 ```
 
 ### Crate Structure (`crates/oxide-code/src/`)
 
 ```text
 .
-├── client.rs           # Client module root
+├── client.rs                   # Client module root
 ├── client/
-│   └── anthropic.rs    # Anthropic Messages API streaming client
-├── config.rs           # Configuration loading (env vars, model, base URL)
+│   ├── anthropic.rs            # Anthropic Messages API streaming client
+│   └── billing.rs              # Billing attribution header (fingerprint, cch attestation)
+├── config.rs                   # Configuration loading (env vars, model, base URL)
 ├── config/
-│   └── oauth.rs        # Claude Code OAuth credentials (macOS Keychain + file), token refresh, file locking
-├── main.rs             # CLI entry point, agent loop, async REPL
-├── message.rs          # Conversation message types
-├── prompt.rs           # System prompt builder (section assembly, static content)
+│   └── oauth.rs                # Claude Code OAuth credentials (macOS Keychain + file), token refresh, file locking
+├── main.rs                     # CLI entry point, agent loop, async REPL
+├── message.rs                  # Conversation message types
+├── prompt.rs                   # System prompt builder (section assembly, static content)
 ├── prompt/
-│   ├── environment.rs  # Runtime environment detection (platform, git, date)
-│   └── instructions.rs # Instruction file discovery and loading (CLAUDE.md, AGENTS.md)
-├── tool.rs             # Tool trait, registry, definitions
+│   ├── environment.rs          # Runtime environment detection (platform, git, date)
+│   └── instructions.rs         # Instruction file discovery and loading (CLAUDE.md, AGENTS.md)
+├── tool.rs                     # Tool trait, registry, definitions
 └── tool/
-    ├── bash.rs         # Shell command execution with timeout
-    ├── edit.rs         # Exact string replacement in files
-    ├── glob.rs         # File pattern matching (glob)
-    ├── grep.rs         # Content search via regex
-    ├── read.rs         # File reading with line numbers and pagination
-    └── write.rs        # File writing with directory creation
+    ├── bash.rs                 # Shell command execution with timeout
+    ├── edit.rs                 # Exact string replacement in files
+    ├── glob.rs                 # File pattern matching (glob)
+    ├── grep.rs                 # Content search via regex
+    ├── read.rs                 # File reading with line numbers and pagination
+    └── write.rs                # File writing with directory creation
 ```
 
 ## Coding Conventions

Cargo.lock

@@ -32,6 +32,7 @@ reqwest = { version = "0.12", default-features = false, features = [
 security-framework = "3"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
+sha2 = "0.10"
 tempfile = "3"
 time = { version = "0.3", features = ["local-offset"] }
 tokio = { version = "1", features = [
@@ -50,6 +51,7 @@ tracing-subscriber = { version = "0.3", default-features = false, features = [
   "env-filter",
   "fmt",
 ] }
+xxhash-rust = { version = "0.8", features = ["xxh64"] }
 
 [profile.release]
 lto = true

Cargo.toml

@@ -23,10 +23,12 @@ regex.workspace = true
 reqwest.workspace = true
 serde.workspace = true
 serde_json.workspace = true
+sha2.workspace = true
 time.workspace = true
 tokio.workspace = true
 tracing.workspace = true
 tracing-subscriber.workspace = true
+xxhash-rust.workspace = true
 
 [target.'cfg(target_os = "macos")'.dependencies]
 security-framework.workspace = true

crates/oxide-code/Cargo.toml

@@ -1 +1,2 @@
 pub mod anthropic;
+mod billing;