Summary
CostTracker's raw-HTTP x-api-key detector never fires. Two compounding bugs mean a genuine raw x-api-key HTTP call to Anthropic — the exact billing-bypass class the tool targets — is silently missed (the tool fails open).
Bug 1 — broken regex (literal pipe, not alternation)
The pattern is:
"x-api-key.*anthropic\\|x-api-key.*sk-ant"
In the regex handed to rg, \| is a literal pipe, not alternation. So it only matches a line literally containing anthropic|x-api-key, which never occurs in real code.
Reproduce:

```shell
# current pattern — no match:
printf 'headers["x-api-key"]="sk-ant-abc"\n' | rg -e 'x-api-key.*anthropic\|x-api-key.*sk-ant'
# corrected pattern — matches:
printf 'headers["x-api-key"]="sk-ant-abc"\n' | rg -e 'x-api-key.*(anthropic|sk-ant)'
```
Bug 2 — raw-HTTP hits classify as unknown, never bypass
Even when a raw-HTTP pattern (api.anthropic.com/v1/messages) matches, the classifier routes only --bare and SDK reasons to bypass; raw-HTTP falls through to unknown, so it never raises an alert and goes silent after the first baseline.
Impact
A false negative in a security/cost leak detector — more dangerous than the companion false-positive issue, because the failure is silent. A real raw x-api-key call to Anthropic bills the API and is never flagged.
Fix
- Regex → x-api-key.*(anthropic|sk-ant) (proper alternation).
- Raw-HTTP patterns classify as bypass.
- Regression tests assert the pattern matches sk-ant/anthropic lines and rejects a literal-pipe-only line.
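The two bugs side by side, as an added example that is not CostTracker's own code: the broken and corrected regexes are run over a few constructed source lines, and a minimal stand-in for the reason classifier shows the before/after routing of raw-HTTP hits. Function and reason names are assumptions, not the tool's identifiers.

```python
import re

# Constructed sample lines (not taken from the original report).
RAW_LINES = [
    'headers["x-api-key"] = "sk-ant-abc"',                          # genuine raw x-api-key call
    'requests.post("https://api.anthropic.com/v1/messages", headers=h)',
    'x-api-key.*anthropic|x-api-key.*sk-ant',                        # the only line the broken regex can hit
    'print("hello")',                                                # benign
]

# As in the report: "\\|" in the source string becomes "\|" in the regex,
# which re (like rg's Rust regex) treats as an escaped, literal pipe.
BROKEN_PATTERN = "x-api-key.*anthropic\\|x-api-key.*sk-ant"
FIXED_PATTERN = "x-api-key.*(anthropic|sk-ant)"


def match_lines(pattern, lines):
    """Return the lines a detector pattern would flag."""
    rx = re.compile(pattern)
    return [line for line in lines if rx.search(line)]


def classify_before(reason):
    """Stand-in for the Bug 2 behaviour: only --bare and SDK reasons reach 'bypass'."""
    return "bypass" if reason in ("bare", "sdk") else "unknown"


def classify_after(reason):
    """Fixed routing: a raw-HTTP hit is a billing bypass as well."""
    return "bypass" if reason in ("bare", "sdk", "raw-http") else "unknown"


def detect(lines, pattern, classify):
    """End to end: pattern hit on a line -> reason 'raw-http' -> classification."""
    return [(line, classify("raw-http")) for line in match_lines(pattern, lines)]
```

With the broken pattern the genuine x-api-key line is never returned, and even with the fixed pattern the old classifier still labels the hit "unknown"; both fixes are needed for an alert to fire.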