A Pi extension that improves compatibility with Anthropic Claude Pro/Max OAuth (i.e., your Claude subscription) while preserving Pi's normal Anthropic behavior.
Pi works great with Anthropic API keys out of the box. This extension fills in the gaps for users who want to use their Claude Pro or Max subscription via OAuth instead.
It keeps everything you'd expect — the built-in anthropic provider, the full model list, API-key behavior, and the native /login anthropic flow — and layers on the compatibility fixes needed to make OAuth subscriptions work reliably.
Requests to non-Anthropic providers and plain API-key Anthropic requests pass through completely untouched — the extension only activates when it detects an Anthropic OAuth access token (sk-ant-oat).
Shaping runs in a thin transport wrapper around Pi's own Anthropic transport, so it applies to every OAuth call path — the interactive loop, compaction, and any background-agent work — not just the main turn. See docs/architecture.md for how this works.
pi install npm:@gotgenes/pi-anthropic-authTo try it without permanently installing:
pi -e npm:@gotgenes/pi-anthropic-auth- Run
/login anthropicas usual — Pi's native Anthropic login flow is preserved. - Select a Claude Pro/Max model and start chatting. The extension handles compatibility transparently.
- API-key behavior is unaffected; the extension's changes apply only to OAuth sessions.
Run /anthropic-auth:status in Pi to print a diagnostics report:
pi-anthropic-auth diagnostics
version: 0.6.5
module: /root/.pi/agent/.../src/index.ts
built-in Anthropic transport: resolved
The module line shows which copy of the extension loaded.
If the command is not found, the extension is not loaded at all.
Pi's auth resolver gives stored credentials priority over environment variables.
If you have previously run /login anthropic and credentials are stored in ~/.pi/agent/auth.json, Pi uses the stored OAuth token on every request — even when ANTHROPIC_API_KEY is also set.
To use the API key instead, run /logout anthropic inside Pi to remove the stored credentials, or delete auth.json before starting the session.
If you install the extension at image build time with RUN pi install npm:@gotgenes/pi-anthropic-auth and then mount a persistent volume over ~/.pi/agent at runtime, Docker may mask the build-time install.
Docker seeds a named volume with the image directory only on its first creation.
If the volume already exists from a previous image, the extension directory inside it may be empty or out of date.
To fix this, either:
- Remove the volume and let Docker re-seed it:
docker volume rm <volume-name>. - Or install the extension at container startup rather than at image build time, after the volume is mounted.
pnpm- a local
piinstallation - Anthropic OAuth credentials configured through Pi
pnpm install # install dependencies
pnpm run check # typecheck
pnpm test # run tests
pnpm run build # compilepi -e /absolute/path/to/pi-anthropic-auth/dist/index.jsSet PI_ANTHROPIC_AUTH_DEBUG to enable structured debug logs from the OAuth shaping layer.
Modes:
PI_ANTHROPIC_AUTH_DEBUG=all— log all Anthropic OAuth shaping eventsPI_ANTHROPIC_AUTH_DEBUG=tool-use— log only requests that includetool_use
Example:
PI_ANTHROPIC_AUTH_DEBUG=tool-use \
pi \
--model anthropic/claude-haiku-4-5 \
--no-session \
--tools read,grep,find,ls \
-e /absolute/path/to/pi-anthropic-auth/src/index.ts \
-p "How many lines are in @AGENTS.md ?"- opencode-anthropic-auth — Anthropic OAuth compatibility work for OpenCode.
- pi-anthropic-oauth — a Pi extension that takes a fuller provider-override approach.
For notes on how this project compares to similar work, see docs/comparison-to-similar-projects.md.
This project was inspired by opencode-anthropic-auth, which solved the same Anthropic OAuth compatibility problem for OpenCode.
MIT