A minor release with one feature in coordination with claude-code-meter v0.7.0, two opt-in surfaces (server-side debug logging and a corp-proxy / custom-CA install-service path), one cache bugfix that affects users behind a chained reverse proxy, and tooling cleanup.

Highlights

Recover per-CC-session attribution from usage.jsonl (#210, cross-repo with meter v0.7.0)

Adds optional request_id to MeterRowSchema v:1 rows. Gated default-off via CACHE_FIX_USAGE_LOG_REQID=on. Sourced from the upstream request-id response header.

Why this matters: the existing sid field is sha256(pid + Date.now() + Math.random()) generated once at proxy boot and shared across every CC session the proxy serves. On multi-session hosts, session-level cost questions are structurally unanswerable from the meter view. With request_id on, every row carries a value that CC's per-session JSONL transcripts at ~/.claude/projects/<project>/<session-uuid>.jsonl also record — the post-hoc join recovers per-session attribution.

Requires claude-code-meter >= v0.7.0 to ingest rows carrying the field. v4.1.0 ships the gate default-off so unpatched meter installs don't see breakage. The gate flips default-on in v4.2.0; operators upgrading to v4.2.0 will need meter v0.7.0+.

Opt-in server.mjs debug logging (#190, @nisqatsi)

CACHE_FIX_DEBUG=1 activates a per-request trace log at ~/.claude/cache-fix-debug.log (override path via CACHE_FIX_DEBUG_LOG). Header redaction is mandatory at the capture site: Authorization, x-api-key, cookie, set-cookie, proxy-authorization never appear in the log. Dispatcher catches async handler rejections so promise rejections from preForward() or pipeline hooks no longer escape to unhandledRejection. 500 fallback body is generic — no error.message echo.

install-service threads auth options to systemd / launchd (#189, @nisqatsi)

CACHE_FIX_PROXY_CA_FILE and CACHE_FIX_PROXY_REJECT_UNAUTHORIZED now ride into the rendered systemd unit and launchd plist. Corp-proxy and custom-CA setups survive install-service round-trips on both platforms. The systemd Environment= value escape is hardened against % (specifier expansion) and \ (C-string unescape); the launchd plist escape handles all five XML entities.

Fix: preserve base-path in upstream URL forming (#188, @nisqatsi)

Configurations that chain cache-fix-proxy through another reverse proxy that mounts the Anthropic API under a path prefix (e.g., https://corp.example/api/anthropic/v1/messages) now forward correctly. Previously the proxy concatenated only the upstream host with the inbound path, dropping the base-path component.

tools/cache_analysis.py reference helper (#138)

Closes meter#22 part 1. Now version-controlled in this repo and shipped via the existing tools/ package.json entry. The host-installed copy at ~/.claude/mcp/cache_analysis.py had been silently returning None for 15 days post-v3.5.0 because the local helper lacked the new path-fallback.

Documentation

• Scrubbed the npm token location, org name, and rotation cadence from docs/release-workflow.md (#208). The combination was a public-repo information-hygiene issue per CLAUDE.md.
• README freshen for v4.0.0: version callout, extension-count language, Docker tag ladder, bootstrap-defense framing (#209).

Contributors

@nisqatsi — three PRs this release (#188, #189, #190). Thank you for the upstream-URL fix, the install-service auth threading + escape hardening, and the server.mjs debug logging.

Upgrade

npm install -g claude-code-cache-fix@4.1.0
systemctl --user restart cache-fix-proxy # Linux
launchctl kickstart gui/\$(id -u)/com.cnighswonger.cache-fix-proxy # macOS

No daemon-reload or plist reinstall required for the code-only upgrade. Existing services continue to work; the new features and gates are opt-in.

Full changelog

CHANGELOG.md#410---2026年06月10日

Contributors

• @nisqatsi

v4.0.0 is a major release because two long-standing defaults change. Both flips are backed by empirical data, both have explicit opt-out paths, and the upgrade flow now includes one supervisor-restart step you should be aware of before running npm install -g.

What changed

thinking-block-sanitize v1 is now ON by default (#162, #201). Was opt-in via CACHE_FIX_THINKING_SANITIZE=on in v3.8.0–v3.9.x. Seven days of prod dogfood across 37 sessions: zero cannot be modified 400s, cache hit-rate aggregate 94.66% vs 92.44% baseline (no prefix degradation), sanitize fired on ~35% of sessions with ~800 blocks dropped per day, max 938K context healthy. Set CACHE_FIX_THINKING_SANITIZE=off to explicitly disable. Credit to @yurukusa for the 13E cluster taxonomy work upstream.

In-process extension hot-reload is now OFF by default (#196, #200). Was on in v3.x. Eliminates the Node ESM stale-import race that silently broke thinking-block-sanitize v2 for 17 hours after PR #192's merge in v3.9.x. Set CACHE_FIX_HOT_RELOAD=on in your environment (or in the install-service env) to restore the prior behavior.

A supervisor-level proxy restart is now required after npm install -g claude-code-cache-fix@4 to pick up extension changes. See Upgrading from v3.x for per-platform restart commands (systemctl --user restart cache-fix-proxy on Linux, launchctl kickstart on macOS).

Embedder note (Bun hosts, DAP-style integrators using createProxyServer() / startProxy()): the sanitize default-on flip will run on every request body passing through the embedded proxy. If your host depends on the prior no-sanitization behavior, set CACHE_FIX_THINKING_SANITIZE=off in the host environment, or process.env.CACHE_FIX_THINKING_SANITIZE = "off" in your code at any point before request handling. The mode is read per-request via modeFromEnv(), not cached at module load.

Also new

• thinking-block-sanitize v2 ships as opt-in (#171, #192). Set CACHE_FIX_THINKING_SANITIZE=v2 (a strict superset of =on). Detects cross-request tools-surface change and strips ALL prior-turn signed thinking (both thinking blocks with non-empty text AND redacted_thinking blocks) when the hash flips. Targets yurukusa's 13E ToolSearch sub-pattern of #63147, where dynamically-loaded tools mid-conversation invalidate the prior assistant turn's thinking signature and produce a per-turn 400 + retry tax. v2 stays opt-in pending its own prod-dogfood window, now that #196 has closed the silent-load failure mode.
• /health extension-load observability (#197). When any extension fails to import, /health returns 503 + {status:"degraded", failed_extensions:[...], hint:"restart the proxy via your supervisor to recover..."} so monitoring catches load failures within seconds instead of leaving the operator to grep the journal. Healthy proxies still return 200 + {status:"ok"}. New getFailedExtensions() export on proxy/pipeline.mjs for operator-facing tooling.

Upgrade

npm install -g claude-code-cache-fix@4
# then restart your proxy via its supervisor — required to pick up the new code
systemctl --user restart cache-fix-proxy # Linux
launchctl kickstart gui/$(id -u)/com.cnighswonger.cache-fix-proxy # macOS

If you want hot-reload back: CACHE_FIX_HOT_RELOAD=on in env, or pass it to cache-fix-proxy install-service to bake into the unit/plist.

If you want sanitize off: CACHE_FIX_THINKING_SANITIZE=off in env.

See README.md § Upgrading from v3.x for the two-flow upgrade procedure (Flow 1: code-only npm upgrade; Flow 2: install-service rerun with rewritten unit/plist).

Contributors this release

• @yurukusa — #63147 13E cluster taxonomy and synthesis comment that made the v2 sanitize predicate tractable

References

• Directive: #198 (hot-reload opt-in)
• Implementation: #200 (hot-reload), #201 (sanitize default-on), #197 (observability), #202 (post-#201 wording sweep)
• Upstream context: anthropics/claude-code#63147

Full CHANGELOG.

First release routed through cc-triage. Two upstream-CC-bug workarounds, both load-bearing, both through full Codex + Lead + Chris human review.

Features

auto-1m-guard proxy extension (#186) — addresses CC#64919

Detects the context-1m-2025年08月07日 token on the outbound anthropic-beta request header and either annotates the session JSON (warn) or removes the token before forwarding (strip). Modes via CACHE_FIX_AUTO_1M_GUARD:

• off — extension no-op
• warn (default) — annotation + stderr log line, no request mutation
• strip (opt-in) — additionally removes the token from the header, defensive against duplicates, rejoins with the CC-canonical , separator

Addresses the VS Code Extension v2.1.161 behavior of force-selecting 1M context on Pro Plan and immediately consuming overage credits. The CC-side kill switch is CLAUDE_CODE_DISABLE_1M_CONTEXT=1; the proxy intercept covers the gap where that env var is reportedly unreliable on the VS Code extension surface.

Binary-walk in the directive (verified against CC v2.1.148 AND v2.1.161) established that CC strips the [1m] suffix from req.body.model client-side via the model sanitizer (sL / kJ) before sending, so the proxy-visible signal is the beta header, not the model field. See docs/directives/proxy-auto-1m-guard.md for the full binary references and name-translation table for future re-verifications.

worktree-edit-guard PreToolUse hook (#184) — addresses CC#59628

Ships under hooks/examples/worktree-edit-guard.py. PreToolUse hook script that blocks Edit/Write/MultiEdit/NotebookEdit tool calls whose realpath'd target falls outside the active git worktree, addressing the data-loss case where worktree sessions can dirty the parent main checkout's branch with no guardrail.

Strict-containment via realpath comparison. Depth-stable worktree detection via realpath-equality of git rev-parse --git-dir / --git-common-dir (works from any subdirectory). Symlink-escape covered for both existing targets and not-yet-existing targets (parent-dir realpath catches a symlinked parent). Independent of the proxy — users install by pointing at the absolute path from their own ~/.claude/settings.json. See docs/hooks/worktree-edit-guard.md for the install snippet.

A real load-bearing symlink-escape bug was caught during Codex review and fixed before release — the original implementation always used parent-dir realpath + basename, which let an existing symlink-file target resolve back to itself instead of its destination.

Other changes

• tools/manual-compact.sh defaults to claude-opus-4-7 (was Sonnet 4.6) with relaxed per-turn truncation caps for higher-fidelity summaries (#169)
• statusline: round bar tick like fill (community contribution, thanks @schuay, #155)
• README (zh) refreshed to match the latest English (#178)

Packaging

• hooks/ added to the npm files allowlist. Users installing via npm get hooks/examples/worktree-edit-guard.py and hooks/README.md locally at <npm-prefix>/lib/node_modules/claude-code-cache-fix/hooks/....

Tests

927 → 950 (+23 auto-1m-guard tests; +20 worktree-edit-guard tests from #184 also counted in the new total). All 950 pass on the exact released commit.

Install

npm install -g claude-code-cache-fix@3.9.0

Full diff

v3.8.0...v3.9.0

Contributors

• @schuay

The thinking-desync response — both halves of the mitigation for the Claude Code thinking-desync wedge (upstream anthropics/claude-code#63147), where long-running Opus 4.7 [1m] sessions die with a permanent 400 ... thinking blocks ... cannot be modified.

Added

• session-health early-warning (#160) — read-only per-session telemetry (context_tokens, thinking_block_count, thinking_block_max, first_seen, request_count, thinking_desync_risk) written to ~/.claude/quota-status/sessions/<id>.json, plus a token-gated one-time stderr warn before a session reaches the danger zone. Thresholds: CACHE_FIX_THINKING_RISK_HIGH_TOKENS (340000) / _WARN_TOKENS (250000); CACHE_FIX_THINKING_RISK=off suppresses the signal. Never mutates the body.
• thinking-block-sanitize (#162), opt-in — CACHE_FIX_THINKING_SANITIZE=on drops the omitted (thinking:"") extended-thinking blocks CC re-sends on history-replay paths, before the request is forwarded. Drops from all prior assistant turns and the latest unless it is an active tool-continuation. Deterministic / cache-prefix-stable; counts only. This is the only path that keeps thinking and avoids the wedge for the paths it covers (no env var does both).

Fixed

• ttl-management (#157/#159) — never injects a TTL into thinking/redacted_thinking blocks (a latent mutation path that the API would reject).

Install / upgrade

npm install -g claude-code-cache-fix

session-health is on by default (read-only). The thinking-block-sanitize mutator is opt-in — enable it with CACHE_FIX_THINKING_SANITIZE=on.

Full changelog: see CHANGELOG.md.

Summary

Cache-fix v3.7.1 extends bootstrap-defense to cover a new prompt-injection surface that landed in Claude Code v2.1.152. v3.7.0 audited the original tengu_heron_brook channel; v3.7.1 also audits the env-var-selected GrowthBook surface (CLAUDE_CODE_SYSTEM_PROMPT_GB_FEATURE) that activates in remote-control mode, closing the coverage gap for the same threat class.

Default behavior is unchanged from v3.7.0. Existing users running bootstrap-defense in audit mode get expanded coverage on upgrade — no new behavior class, no opt-out required. Two new opt-in capabilities ship alongside for security-forward operators.

This is a maintenance-mode patch release under the security-extension carve-out formalized this release: same feature, same threat class, defaults unchanged, directive-endorsed scope.

What's new

New audit-log fields (schema v1 → v2). Each ~/.claude/cache-fix-bootstrap-log.jsonl record now carries:

• surface — which consumer pattern fired ("bootstrap" for legacy tengu_heron_brook, "prompt_injection_gb" for env-var-selected key)
• prompt_key — the GrowthBook key read as prompt source (or null)
• prompt_value_hash — SHA-256 of the flag value, first 16 hex chars (never the value itself; PII discipline preserved)
• remote_mode — whether CLAUDE_CODE_REMOTE is set
• stripped_keys — keys removed from the response in allowlist mode ([] otherwise)

Multi-surface responses (e.g. both the legacy key and the env-var-selected key present) emit one record per detected surface, correlated by shared request_id + timestamp window. v1 record readers are unaffected — all v1 fields remain unchanged.

New allowlist mode alongside the existing audit (default) and block. Strips non-allowlisted prompt-source-eligible keys from the bootstrap response body before it reaches CC. Opt-in via:

export CACHE_FIX_BOOTSTRAP_MODE=allowlist
# default allowlist is ["tengu_heron_brook"]; configure with:
export CACHE_FIX_BOOTSTRAP_ALLOWED_KEYS=tengu_heron_brook,my_other_legit_key
# or explicit empty for deny-all:
export CACHE_FIX_BOOTSTRAP_ALLOWED_KEYS=

Other GrowthBook flag keys in the response pass through untouched — allowlist mode only filters prompt-source-eligible keys. Marked experimental because Anthropic could add new legitimate prompt-source keys in future CC releases that would need allowlist updates.

Upgrade

npm install -g claude-code-cache-fix@3.7.1

No config changes required for the default audit mode. Existing CACHE_FIX_BOOTSTRAP_MODE=block users get unchanged block semantics (empty 200 from onRequest, no flag map reaches the on-disk GrowthBook cache).

Out of scope (deferred to a later release)

• Stale on-disk GrowthBook cache reuse. If CC reads a flag value cached from a prior bootstrap fetch that didn't pass through this proxy run, v3.7.1 will not emit a fresh audit record for that session. Users wanting belt-and-suspenders here should run block or allowlist mode — both prevent new injection-class keys from reaching the on-disk cache going forward.
• Granular block mode (parse → strip-specific-keys → re-serialize as the default block behavior). allowlist mode is the granular-strip path for v3.7.1; the existing empty-200 block contract is preserved unchanged.
• Content-pattern key filtering. Current allowlist is key-name-only.

Validation

• Tests: 850 → 871 (+21), full suite green on the tagged commit
• Docker smoke test (docs/release-tests/v3.7.1-docker-smoke-2026年05月27日.md) — five-section verdict GREEN against node:22-alpine
• Codex cross-LLM review approved at the release HEAD under the amended workflow

References

• Directive (#153) — full design Q&A
• PR #154 — implementation
• docs/disclosure/heron-brook-2026-05.md — original heron_brook disclosure for the v3.7.0 surface
• Full CHANGELOG entry

Bootstrap-channel handling and audit logging. Adds explicit handling for Claude Code v2.1.150's /api/claude_cli/bootstrap endpoint, with local audit logging at ~/.claude/cache-fix-bootstrap-log.jsonl (5 MB cap, .1 rotation). Forward-compatible record fields land the schema v3.8.0's anomaly-detection extension will populate.

Behavior change for existing cache-fix users

Prior versions returned 404 for any Anthropic API path other than /v1/messages and /health, so bootstrap-section content was not previously reaching CC for cache-fix users. v3.7.0 default mode is audit: bootstrap responses now proxy through to CC and are logged locally for inspection.

Users who want to preserve v3.6.2's de-facto block behavior should set CACHE_FIX_BOOTSTRAP_MODE=block in the proxy environment, which short-circuits the upstream call and returns a 200 with an empty JSON body. The block event itself is still logged — auditability of blocks matters more than log volume.

Background

CC v2.1.150 added a prompt-section consumer (nAA() / heron_brook) that reads server-supplied strings from /api/claude_cli/bootstrap and merges them into the agent's behavioral-instructions prompt. We filed the behavior with Anthropic via HackerOne VDP on 2026年05月25日; the report was closed as Informative on 2026年05月26日, with Anthropic treating TLS as the transport-integrity boundary and declining to add application-layer authenticity checks. v3.7.0 gives cache-fix users local visibility into bootstrap-channel content (audit mode) and an opt-in path to drop it (block mode).

Full disposition record: docs/disclosure/heron-brook-2026-05.md. Wire-level reproducer: cnighswonger/heron-brook-poc.

Also changed

• tools/quota-statusline.sh: autoselect d/h vs h/m time format, unified burn-warmup gate (#143). Durations ≥ 1 day render as Nd Hh; below a day, Hh Mm. Burn-rate warmup is now a unified 5-minute gate for both Q5h and Q7d. Contributed by @schuay — thank you.

Tests

831 → 850 (+20): bootstrap-defense unit suite, proxy-server bootstrap integration, and a new 300s warmup-gate pin closing a contract gap in the statusline suite.

Upgrade

npm install -g claude-code-cache-fix@3.7.0

No-op for existing users on the default audit mode; opt into block by setting CACHE_FIX_BOOTSTRAP_MODE=block in the proxy environment before restart.

Patch release. Two contributor PRs ship together, plus a small doc-accuracy correction.

Contributors

• @schuay — statusline quota-bar rework (#140)
• @fgrosswig — CC binary analysis informing the recommended config section (#139)

What's new

Statusline rework — quota bar with exhaust projection (#140)

Contributed by @schuay. tools/quota-statusline.sh now renders each window as a 10-cell bar with an elapsed-time tick, plus a (exhaust X, reset Y) projection:

Q5h [███░┃░░░░░] 30% (exhaust 4h40m, reset 3h00m) | Q7d [█████┃░░░░] 53% (exhaust 3d 13h, reset 3d 0h) | TTL:1h 98.3%

• Filled cells are consumed quota.
• Tick ┃ marks wall-clock elapsed position in the window. Tick to the right of fill = under pace. Tick inside fill = burning faster than time.
• exhaust = projected time-to-100% at the current burn rate.
• reset = wall-clock time until window rollover.
• When exhaust < reset, you'll hit 100% before the window resets — back off.

Output format break: downstream tools that grep Q5h: N% need to switch to Q5h \[.{10}\] N%. The bar uses standard Unicode block characters (█┃░); terminals without Unicode font coverage will need a Unicode-capable monospace font. TTL / hit-rate / PEAK / OVERAGE suffix segments are unchanged.

Thank you, @schuay.

Recommended CC operational config — README section (#139)

New README section documenting three ~/.claude/settings.json env vars that solve adjacent CC problems the proxy can't reach:

• CLAUDE_CODE_DISABLE_LEGACY_MODEL_REMAP=1 — disables CC's silent post-update model remap.
• ANTHROPIC_MODEL — pins the primary model so cache prefix stays stable across CC version bumps.
• ANTHROPIC_SMALL_FAST_MODEL — pins the side-channel fast model.

Plus caveats on autoCompactWindow=1M (only works on 1M-eligible models with the right beta header) and CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 (strips tool fields outside ["name", "description", "input_schema", "cache_control"]).

Findings sourced from @fgrosswig's binary analysis of CC v2.1.91 — public methodology (PowerShell + ASCII string extraction), privately shared punch list. Thank you, @fgrosswig.

README provenance-claim correction (#134)

The prior README's supply-chain paragraph claimed "npm provenance links each published version to its source commit." Verified against the npm registry: no published release carries sigstore provenance attestations — only the default signatures field. Corrected the wording to match reality. No package behavior change.

Upgrade

npm install -g claude-code-cache-fix@3.6.2

Tests

824 → 831 (+7): seven new format-contract tests pinning the quota-bar output across edge cases (under-pace, over-pace, missing resets_at, stale window, fresh window, pre-warmup, at-cap).

Contributors

• @schuay
• @fgrosswig

Patch release shipping a new proxy extension that restores Opus 4.7 thinking summaries in non-interactive CC surfaces — VS Code chat panel, Antigravity panel, SDK, claude --print, anything spawned with --input-format stream-json.

What's new

thinking-display extension

On Opus 4.7, Anthropic flipped the thinking.display API default to "omitted". Claude Code's CLI propagates display: "summarized" only when the session is interactive (via !getIsNonInteractiveSession()) — so every non-interactive subprocess sends a thinking-enabled request without display, and the API returns thinking blocks whose thinking field is empty plus a multi-KB signature. The UI shows a static "Thinking" stub but no reasoning content.

This extension injects thinking.display = "summarized" at the proxy boundary when:

• Model matches /^claude-opus-4-7/
• thinking.type is "enabled" or "adaptive"
• display is unset (user opt-out always preserved)

Default-on on Opus 4.7 after the cache-prefix test measured 0% absolute drop in steady-state cache_read ratio with injection active (5 sequential claude -p calls per window, baseline vs injected, both windows at 1.000 ratio from call 2 onward).

Override via env var:

export CACHE_FIX_THINKING_DISPLAY=summarized # default (restores summaries)
export CACHE_FIX_THINKING_DISPLAY=omitted # force-suppress thinking blocks
export CACHE_FIX_THINKING_DISPLAY=disabled # extension no-op

Upstream root-cause analysis and patch proposal: anthropics/claude-code#59844. Credit to @ojura for the CLI-binary decode and the two-stacked-special-cases framing — this extension is the proxy-side complement.

docs/parallel-proxy-test-harness.md

Developer test harness pattern for end-to-end extension testing. Spin up a parallel proxy on a different port from the feature branch, route claude -p traffic through it via ANTHROPIC_BASE_URL (bypassing the local wrapper that hardcodes :9801), capture real request bodies via a diagnostic extension, run baseline-vs-injected comparisons against live Anthropic API. The harness surfaced the spec/reality mismatch on this very feature (CC v2.1.131 ships thinking.type: "adaptive", not "enabled" as the upstream issue described) that no unit test would have caught.

Tests

793 → 824 (+31): full coverage of the new extension's resolveMode, MODEL_REGEX, shouldInject, and onRequest paths, including the pinned regression test that the extension never overwrites a user's explicit display opt-out.

Install / upgrade

npm install -g claude-code-cache-fix@3.6.1
# or
npm update -g claude-code-cache-fix

If you're running cache-fix-proxy as a service, restart it to pick up the new extension:

systemctl --user restart cache-fix-proxy

Full changelog

See CHANGELOG.md.

Minor release — new public API for in-process embedding.

Added

• Embeddable proxy factory: createProxyServer() + startProxy(options) exported from claude-code-cache-fix/proxy/server (#123). Lets Node/Bun hosts run the cache-fix proxy in-process instead of forking a child via the cache-fix-proxy bin. The CLI entrypoint (node proxy/server.mjs, cache-fix-proxy server, and the wrapper's child-fork path) is preserved — auto-listen and SIGTERM/SIGINT handlers are now gated behind an import.meta.url === pathToFileURL(process.argv[1]).href main-module check, so library imports have no side effects. package.json exports adds a ./proxy/server subpath; the root entry (./preload.mjs) is unchanged. README section added documenting the new API + the "one extension registry per process" constraint. Contributed by @bilby91 (Crunchloop DAP) — thank you, Martín.

Fixed

• startProxy().close() now also closes the file watcher (#124). The initial implementation in #123 captured the http server but discarded the handle returned by startWatcher(). Embedded hosts with watch: true (the default) that started/stopped the proxy across lifecycle iterations leaked two fs.watch handles per cycle. Four-line capture+close in startProxy().

Install

```
npm install -g claude-code-cache-fix@3.6.0
```

Full changelog: CHANGELOG.md

Bug fix release. Accounts on Anthropic overage billing had a silent statusline.

Fixed

• cache-telemetry: overage-billing accounts had silent statusline (#121). Account variant returned anthropic-ratelimit-unified-reset + anthropic-ratelimit-unified-overage-reset instead of the 5h/7d-specific reset headers. The parseHeaders guard required q5h_reset || q7d_reset and returned null for every request on these accounts, so cache-telemetry wrote no account.json or session file and the statusline had no TTL/hit-rate data. Fix widens the guard to accept any reset timestamp. Adds test 6a covering the overage-only header shape end-to-end. Reported and fixed by @TemaThe — thank you.

Tests

788 → 789 (+1): test 6a covers the overage-billing header shape end-to-end through onResponseStart and onStreamEvent.

Install

```
npm install -g claude-code-cache-fix@3.5.5
```

Full changelog: CHANGELOG.md