
fix: harden Claude Code request signing#2855

Open
lvcas163 wants to merge 1 commit into antinomyhq:main from lvcas163:fix/cch-signing-hardening

Conversation


@lvcas163 lvcas163 commented Apr 5, 2026

Summary

Harden Claude Code request signing so the embedded cch is computed from the exact final outbound Anthropic request body, while also cleaning up the signer’s serialization path and dependencies.

Context

Claude Code signing was previously vulnerable to drift between the body that was hashed and the body that was ultimately sent on the wire. The work in this branch moves signing to the final serialization boundary, tightens request ordering guarantees, fixes first-user-text extraction, and ensures the xxHash dependency required by the signer is present.

Changes

  • added a dedicated CchSigning implementation for Anthropic Claude Code requests
  • moved signing to the final outbound serialization step in the Anthropic provider
  • cached signing and auth-message configuration on the provider instance instead of rebuilding on each request
  • ensured system serializes before messages for signing correctness
  • reduced unnecessary allocations in auth-message and signer request handling
  • added the missing xxhash-rust dependency needed by the signer

Key Implementation Details

  • Claude Code signing now happens after all semantic request transforms, immediately before bytes are sent upstream.
  • The signer serializes the fully transformed request, computes the CCH hash over that exact compact JSON body, and returns the final signed bytes directly.
  • The provider now keeps AuthSystemMessage and CchSigning as stored fields, avoiding repeated environment/config reconstruction on the hot path.
  • Anthropic request ordering is documented and enforced so system remains before messages, which is required for stable signing output.
  • The branch includes the dependency wiring for xxhash-rust in both the workspace manifest and forge_app.

Use Cases

  • Claude Code OAuth requests now carry a cch value that matches the exact JSON sent to Anthropic.
  • Future request-shape changes are less likely to silently break Claude Code fast mode or research-preview signing.
  • Reviewers can verify the PR as a focused hardening/refactor instead of a broad provider behavior change.

Testing

cargo test -p forge_app cch_signing
cargo test -p forge_app auth_system_message
cargo test -p forge_repo claude_code_oauth
cargo test -p forge_repo transform_request_adds_auth_message_without_signing_for_non_claude_code_oauth
cargo test -p forge_repo vertex_ai_removes_output_format
cargo check -p forge_app --lib --quiet
cargo check -p forge_repo --lib

Links

  • Branch: fix/cch-signing-hardening
  • Head branch: lvcas163:fix/cch-signing-hardening

Co-Authored-By: ForgeCode <noreply@forgecode.dev>
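An added example, not code from this PR or from the forge project, showing the drift the description above refers to and the shape of the fix: the hash is computed over the one compact serialization that is actually sent, after every transform has run, with `system` emitted before `messages`. The JSON encoder and xxHash64 are written from the public specification so nothing needs a crate; xxHash64 stands in for the real cch computation (the page names xxhash-rust but does not describe how cch is built), and the struct fields, the model name and the auth placeholder text are assumptions made for illustration.

```rust
// Added example, not forge's code: a request signature must cover the exact
// bytes that leave the process. JSON encoding and xxHash64 are hand-rolled so
// no crates are needed; xxHash64 stands in for the real cch computation, and
// the field names, model name and auth text are assumptions for illustration.
use std::convert::TryInto;

#[derive(Clone)]
struct Message { role: String, content: String }
#[derive(Clone)]
struct AnthropicRequest { model: String, system: String, messages: Vec<Message> }

/// Minimal JSON string escaping (quotes, backslashes, newlines).
fn json_str(s: &str) -> String {
    let mut out = String::from("\"");
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\n' => out.push_str("\\n"),
            c => out.push(c),
        }
    }
    out + "\""
}
/// Compact JSON with a fixed key order (model, system, messages). A stable
/// order is what makes the hash reproducible wherever it is recomputed.
fn serialize(req: &AnthropicRequest) -> Vec<u8> {
    let msgs: Vec<String> = req.messages.iter()
        .map(|m| format!("{{\"role\":{},\"content\":{}}}", json_str(&m.role), json_str(&m.content)))
        .collect();
    format!("{{\"model\":{},\"system\":{},\"messages\":[{}]}}",
        json_str(&req.model), json_str(&req.system), msgs.join(",")).into_bytes()
}

// xxHash64, written from the public specification.
const P1: u64 = 0x9E37_79B1_85EB_CA87;
const P2: u64 = 0xC2B2_AE3D_27D4_EB4F;
const P3: u64 = 0x1656_67B1_9E37_79F9;
const P4: u64 = 0x85EB_CA77_C2B2_AE63;
const P5: u64 = 0x27D4_EB2F_1656_67C5;
fn round(acc: u64, input: u64) -> u64 {
    acc.wrapping_add(input.wrapping_mul(P2)).rotate_left(31).wrapping_mul(P1)
}
fn xxh64(data: &[u8], seed: u64) -> u64 {
    let rd64 = |o: usize| u64::from_le_bytes(data[o..o + 8].try_into().unwrap());
    let (len, mut i) = (data.len(), 0usize);
    let mut h = seed.wrapping_add(P5);
    if len >= 32 {
        // Four-lane stripe processing for inputs of at least 32 bytes.
        let mut v = [seed.wrapping_add(P1).wrapping_add(P2), seed.wrapping_add(P2), seed, seed.wrapping_sub(P1)];
        while i + 32 <= len {
            for (k, acc) in v.iter_mut().enumerate() { *acc = round(*acc, rd64(i + 8 * k)); }
            i += 32;
        }
        h = v[0].rotate_left(1).wrapping_add(v[1].rotate_left(7)).wrapping_add(v[2].rotate_left(12)).wrapping_add(v[3].rotate_left(18));
        for &acc in &v { h = (h ^ round(0, acc)).wrapping_mul(P1).wrapping_add(P4); }
    }
    h = h.wrapping_add(len as u64);
    // Tail: remaining 8-byte words, at most one 4-byte word, then single bytes.
    while i + 8 <= len { h = (h ^ round(0, rd64(i))).rotate_left(27).wrapping_mul(P1).wrapping_add(P4); i += 8; }
    if i + 4 <= len {
        let k = u32::from_le_bytes(data[i..i + 4].try_into().unwrap()) as u64;
        h = (h ^ k.wrapping_mul(P1)).rotate_left(23).wrapping_mul(P2).wrapping_add(P3);
        i += 4;
    }
    for &b in &data[i..] { h = (h ^ (b as u64).wrapping_mul(P5)).rotate_left(11).wrapping_mul(P1); }
    h ^= h >> 33; h = h.wrapping_mul(P2);
    h ^= h >> 29; h = h.wrapping_mul(P3);
    h ^ (h >> 32)
}

/// Outbound bytes plus the hash that travels with them.
struct Signed { body: Vec<u8>, cch: u64 }
/// Hardened shape: apply every transform, serialize once, hash those bytes, send
/// those bytes. Nothing is re-serialized after hashing, so nothing can drift.
fn sign_at_boundary(req: &AnthropicRequest, transform: fn(&AnthropicRequest) -> AnthropicRequest) -> Signed {
    let body = serialize(&transform(req));
    let cch = xxh64(&body, 0);
    Signed { body, cch }
}
/// Drift-prone shape: hash first, then let a later transform produce the wire bytes.
fn sign_then_transform(req: &AnthropicRequest, transform: fn(&AnthropicRequest) -> AnthropicRequest) -> Signed {
    Signed { body: serialize(&transform(req)), cch: xxh64(&serialize(req), 0) }
}
/// The check a receiver, or a regression test, runs on what actually arrived.
fn verify(s: &Signed) -> bool { xxh64(&s.body, 0) == s.cch }
/// Stand-in for a provider transform such as auth-message injection (text assumed).
fn add_auth_message(req: &AnthropicRequest) -> AnthropicRequest {
    let mut r = req.clone();
    r.system = format!("assumed auth-message placeholder\n{}", r.system);
    r
}
/// Constructed sample request.
fn sample_request() -> AnthropicRequest {
    let user = Message { role: "user".into(), content: "Say \"hi\"".into() };
    AnthropicRequest { model: "claude-example".into(), system: "Be concise.".into(), messages: vec![user] }
}
fn main() {
    let req = sample_request();
    println!("boundary: {}  sign-then-transform: {}", verify(&sign_at_boundary(&req, add_auth_message)), verify(&sign_then_transform(&req, add_auth_message)));
}
```

A regression test of the shape `verify(&sign_at_boundary(..))` passes and `verify(&sign_then_transform(..))` fails is what keeps a later request-shape change (a new transform, a reordered field) from silently breaking the signature; the ordering guarantee is enforced by the serializer rather than by whoever happens to build the struct.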
@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.


lucas seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you already have a GitHub account, please add the email address used for this commit to your account.

@github-actions github-actions bot added the type: fix Iterations on existing features or infrastructure. label Apr 5, 2026