fix: third-party provider compat — update, metrics, and refusal message#1406
Open
oyi77 wants to merge 2 commits into
Open
fix: third-party provider compat — update, metrics, and refusal message#1406oyi77 wants to merge 2 commits into
oyi77 wants to merge 2 commits into
Conversation
…l message Four fixes for third-party provider users: 1. cli/update.ts: Allow self-update for non-Anthropic builds by checking PACKAGE_URL instead of blocking all non-firstParty providers. 2. utils/autoUpdater.ts: Same fix for assertMinVersion() — allow version checks for builds with custom PACKAGE_URL. 3. api/metricsOptOut.ts: Gate Anthropic metrics endpoint behind firstParty check so 3P providers don't hit api.anthropic.com and get auth errors. 4. api/errors.ts: Replace hardcoded 'claude-sonnet-4-20250514' in refusal message with getDefaultMainLoopModel() for provider-appropriate suggestion.
kevincodex1
previously approved these changes
May 28, 2026
jatmn
requested changes
May 28, 2026
Collaborator
jatmn
left a comment
jatmn
left a comment
There was a problem hiding this comment.
Thanks for the update. I took another pass through the changed paths and found one issue that still needs to be addressed before this is ready.
Findings
- [P2] Apply the third-party metrics gate before reusing the disk cache
src/services/api/metricsOptOut.ts:144
The new provider check only runs inside_fetchMetricsEnabled(), butcheckMetricsEnabled()returnsmetricsStatusCachefirst. If a user previously ran a first-party session where the Anthropic metrics API returnedenabled: true, then switches the same OpenClaude install to OpenAI/Gemini/etc., this path will keep returningenabled: truefrom disk for up to 24 hours and never reach the newgetAPIProvider() !== 'firstParty'short-circuit. That means the PR's "third-party providers should not use Anthropic metrics" behavior is not guaranteed for existing cached installs. Please short-circuit non-first-party sessions before reading the shared disk cache, or make the cache provider/account scoped so first-party state cannot be reused by third-party sessions.
Address review feedback: stale first-party metrics cache could leak enabled:true to third-party sessions. Short-circuit non-firstParty before reading the shared disk cache.
Author
|
Fixed. Added firstParty gate in |
jatmn
approved these changes
May 29, 2026
Collaborator
jatmn
left a comment
jatmn
left a comment
There was a problem hiding this comment.
Thanks for the update. I rechecked the previously discussed paths and do not see any remaining actionable issues from my side.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Four fixes for third-party provider users:
1.
openclaude updateblocked for all 3P userssrc/cli/update.ts— Changed gate fromgetAPIProvider() !== 'firstParty'to also checkMACRO.PACKAGE_URL === '@anthropic-ai/claude-code'. OpenClaude builds (wherePACKAGE_URLis@gitlawb/openclaude) can now self-update from npm.src/utils/autoUpdater.ts— Same fix inassertMinVersion().2. Metrics endpoint called by 3P providers
src/services/api/metricsOptOut.ts— Added firstParty gate to_fetchMetricsEnabled(). Previously, 3P users with API keys would hitapi.anthropic.com/api/claude_code/organizations/metrics_enabledand get auth errors.3. Stale hardcoded model in refusal message
src/services/api/errors.ts— Replaced hardcoded'claude-sonnet-4-20250514'withgetDefaultMainLoopModel()so the model suggestion is always current and provider-appropriate.Testing
openclaude updateshould work for non-Anthropic builds{ metrics_logging_enabled: false }for 3P without hitting Anthropic