fix(auth): Improve OAuth credential detection and startup warning

- Enhanced getClaudeAuthIndicators() to return detailed check information including file paths checked and specific error details for debugging - Added debug logging to server startup credential detection for easier troubleshooting in Docker environments - Show paths that were checked in the warning message to help users debug mount issues - Added support for CLAUDE_CODE_OAUTH_TOKEN environment variable - Return authType in verify-claude-auth response to distinguish between OAuth and CLI authentication methods - Updated UI to show specific success messages for Claude Code subscription vs generic CLI auth - Added Docker troubleshooting tips to sandbox risk dialog - Added comprehensive unit tests for OAuth credential detection scenarios Closes #721 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 21:03:08 +00:00 · 2026-02-02 17:35:03 +01:00
parent ebc7987988
commit aad3ff2cdf
9 changed files with 1028 additions and 36 deletions
--- a/apps/server/src/index.ts
+++ b/apps/server/src/index.ts
@@ -121,21 +121,89 @@ const BOX_CONTENT_WIDTH = 67;
 // The Claude Agent SDK can use either ANTHROPIC_API_KEY or Claude Code CLI authentication
 (async () => {
  const hasAnthropicKey = !!process.env.ANTHROPIC_API_KEY;
+  const hasEnvOAuthToken = !!process.env.CLAUDE_CODE_OAUTH_TOKEN;
+
+  logger.debug('[CREDENTIAL_CHECK] Starting credential detection...');
+  logger.debug('[CREDENTIAL_CHECK] Environment variables:', {
+    hasAnthropicKey,
+    hasEnvOAuthToken,
+  });

  if (hasAnthropicKey) {
    logger.info('✓ ANTHROPIC_API_KEY detected');
    return;
  }

+  if (hasEnvOAuthToken) {
+    logger.info('✓ CLAUDE_CODE_OAUTH_TOKEN detected');
+    return;
+  }
+
  // Check for Claude Code CLI authentication
+  // Store indicators outside the try block so we can use them in the warning message
+  let cliAuthIndicators: Awaited<ReturnType<typeof getClaudeAuthIndicators>> | null = null;
+
  try {
-    const indicators = await getClaudeAuthIndicators();
+    cliAuthIndicators = await getClaudeAuthIndicators();
+    const indicators = cliAuthIndicators;
+
+    // Log detailed credential detection results
+    logger.debug('[CREDENTIAL_CHECK] Claude CLI auth indicators:', {
+      hasCredentialsFile: indicators.hasCredentialsFile,
+      hasSettingsFile: indicators.hasSettingsFile,
+      hasStatsCacheWithActivity: indicators.hasStatsCacheWithActivity,
+      hasProjectsSessions: indicators.hasProjectsSessions,
+      credentials: indicators.credentials,
+    });
+
+    logger.debug('[CREDENTIAL_CHECK] File check details:', {
+      settingsFile: {
+        path: indicators.checks.settingsFile.path,
+        exists: indicators.checks.settingsFile.exists,
+        readable: indicators.checks.settingsFile.readable,
+        error: indicators.checks.settingsFile.error,
+      },
+      statsCache: {
+        path: indicators.checks.statsCache.path,
+        exists: indicators.checks.statsCache.exists,
+        readable: indicators.checks.statsCache.readable,
+        hasDailyActivity: indicators.checks.statsCache.hasDailyActivity,
+        error: indicators.checks.statsCache.error,
+      },
+      projectsDir: {
+        path: indicators.checks.projectsDir.path,
+        exists: indicators.checks.projectsDir.exists,
+        readable: indicators.checks.projectsDir.readable,
+        entryCount: indicators.checks.projectsDir.entryCount,
+        error: indicators.checks.projectsDir.error,
+      },
+      credentialFiles: indicators.checks.credentialFiles.map((cf) => ({
+        path: cf.path,
+        exists: cf.exists,
+        readable: cf.readable,
+        error: cf.error,
+      })),
+    });
+
    const hasCliAuth =
      indicators.hasStatsCacheWithActivity ||
      (indicators.hasSettingsFile && indicators.hasProjectsSessions) ||
      (indicators.hasCredentialsFile &&
        (indicators.credentials?.hasOAuthToken || indicators.credentials?.hasApiKey));

+    logger.debug('[CREDENTIAL_CHECK] Auth determination:', {
+      hasCliAuth,
+      reason: hasCliAuth
+        ? indicators.hasStatsCacheWithActivity
+          ? 'stats cache with activity'
+          : indicators.hasSettingsFile && indicators.hasProjectsSessions
+            ? 'settings file + project sessions'
+            : indicators.credentials?.hasOAuthToken
+              ? 'credentials file with OAuth token'
+              : 'credentials file with API key'
+        : 'no valid credentials found',
+    });
+
    if (hasCliAuth) {
      logger.info('✓ Claude Code CLI authentication detected');
      return;
@@ -145,7 +213,7 @@ const BOX_CONTENT_WIDTH = 67;
    logger.warn('Error checking for Claude Code CLI authentication:', error);
  }

-  // No authentication found - show warning
+  // No authentication found - show warning with paths that were checked
  const wHeader = '⚠️  WARNING: No Claude authentication configured'.padEnd(BOX_CONTENT_WIDTH);
  const w1 = 'The Claude Agent SDK requires authentication to function.'.padEnd(BOX_CONTENT_WIDTH);
  const w2 = 'Options:'.padEnd(BOX_CONTENT_WIDTH);
@@ -158,6 +226,33 @@ const BOX_CONTENT_WIDTH = 67;
    BOX_CONTENT_WIDTH
  );

+  // Build paths checked summary from the indicators (if available)
+  let pathsCheckedInfo = '';
+  if (cliAuthIndicators) {
+    const pathsChecked: string[] = [];
+
+    // Collect paths that were checked
+    if (cliAuthIndicators.checks.settingsFile.path) {
+      pathsChecked.push(`Settings: ${cliAuthIndicators.checks.settingsFile.path}`);
+    }
+    if (cliAuthIndicators.checks.statsCache.path) {
+      pathsChecked.push(`Stats cache: ${cliAuthIndicators.checks.statsCache.path}`);
+    }
+    if (cliAuthIndicators.checks.projectsDir.path) {
+      pathsChecked.push(`Projects dir: ${cliAuthIndicators.checks.projectsDir.path}`);
+    }
+    for (const credFile of cliAuthIndicators.checks.credentialFiles) {
+      pathsChecked.push(`Credentials: ${credFile.path}`);
+    }
+
+    if (pathsChecked.length > 0) {
+      pathsCheckedInfo = `
+║                                                                     ║
+║  ${'Paths checked:'.padEnd(BOX_CONTENT_WIDTH)}║
+${pathsChecked.map((p) => `║    ${p.substring(0, BOX_CONTENT_WIDTH - 2).padEnd(BOX_CONTENT_WIDTH - 2)}  ║`).join('\n')}`;
+    }
+  }
+
  logger.warn(`
 ╔═════════════════════════════════════════════════════════════════════╗
 ║  ${wHeader}║
@@ -169,7 +264,7 @@ const BOX_CONTENT_WIDTH = 67;
 ║  ${w3}║
 ║  ${w4}║
 ║  ${w5}║
-║  ${w6}║
+║  ${w6}║${pathsCheckedInfo}
 ║                                                                     ║
 ╚═════════════════════════════════════════════════════════════════════╝
 `);
--- a/apps/server/src/routes/setup/routes/verify-claude-auth.ts
+++ b/apps/server/src/routes/setup/routes/verify-claude-auth.ts
@@ -320,9 +320,28 @@ export function createVerifyClaudeAuthHandler() {
        authMethod,
      });

+      // Determine specific auth type for success messages
+      let authType: 'oauth' | 'api_key' | 'cli' | undefined;
+      if (authenticated) {
+        if (authMethod === 'api_key') {
+          authType = 'api_key';
+        } else if (authMethod === 'cli') {
+          // Check if CLI auth is via OAuth (Claude Code subscription) or generic CLI
+          // OAuth tokens are stored in the credentials file by the Claude CLI
+          const { getClaudeAuthIndicators } = await import('@automaker/platform');
+          const indicators = await getClaudeAuthIndicators();
+          if (indicators.credentials?.hasOAuthToken) {
+            authType = 'oauth';
+          } else {
+            authType = 'cli';
+          }
+        }
+      }
+
      res.json({
        success: true,
        authenticated,
+        authType,
        error: errorMessage || undefined,
      });
    } catch (error) {
--- a/apps/ui/src/components/dialogs/sandbox-risk-dialog.tsx
+++ b/apps/ui/src/components/dialogs/sandbox-risk-dialog.tsx
@@ -69,6 +69,29 @@ export function SandboxRiskDialog({ open, onConfirm, onDeny }: SandboxRiskDialog
                For safer operation, consider running Automaker in Docker. See the README for
                instructions.
              </p>
+
+              <div className="bg-muted/50 border border-border rounded-lg p-4 space-y-2">
+                <p className="text-sm font-medium text-foreground">
+                  Already running in Docker? Try these troubleshooting steps:
+                </p>
+                <ul className="text-sm text-muted-foreground list-disc list-inside space-y-1">
+                  <li>
+                    Ensure <code className="bg-muted px-1 rounded">IS_CONTAINERIZED=true</code> is
+                    set in your docker-compose environment
+                  </li>
+                  <li>
+                    Verify the server container has the environment variable:{' '}
+                    <code className="bg-muted px-1 rounded">
+                      docker exec automaker-server printenv IS_CONTAINERIZED
+                    </code>
+                  </li>
+                  <li>Rebuild and restart containers if you recently changed the configuration</li>
+                  <li>
+                    Check the server logs for startup messages:{' '}
+                    <code className="bg-muted px-1 rounded">docker-compose logs server</code>
+                  </li>
+                </ul>
+              </div>
            </div>
          </DialogDescription>
        </DialogHeader>
--- a/apps/ui/src/components/views/setup-view/steps/claude-setup-step.tsx
+++ b/apps/ui/src/components/views/setup-view/steps/claude-setup-step.tsx
@@ -59,6 +59,7 @@ export function ClaudeSetupStep({ onNext, onBack, onSkip }: ClaudeSetupStepProps
  // CLI Verification state
  const [cliVerificationStatus, setCliVerificationStatus] = useState<VerificationStatus>('idle');
  const [cliVerificationError, setCliVerificationError] = useState<string | null>(null);
+  const [cliAuthType, setCliAuthType] = useState<'oauth' | 'cli' | null>(null);

  // API Key Verification state
  const [apiKeyVerificationStatus, setApiKeyVerificationStatus] =
@@ -119,6 +120,7 @@ export function ClaudeSetupStep({ onNext, onBack, onSkip }: ClaudeSetupStepProps
  const verifyCliAuth = useCallback(async () => {
    setCliVerificationStatus('verifying');
    setCliVerificationError(null);
+    setCliAuthType(null);

    try {
      const api = getElectronAPI();
@@ -138,12 +140,21 @@ export function ClaudeSetupStep({ onNext, onBack, onSkip }: ClaudeSetupStepProps

      if (result.authenticated && !hasLimitReachedError) {
        setCliVerificationStatus('verified');
+        // Store the auth type for displaying specific success message
+        const authType = result.authType === 'oauth' ? 'oauth' : 'cli';
+        setCliAuthType(authType);
        setClaudeAuthStatus({
          authenticated: true,
-          method: 'cli_authenticated',
+          method: authType === 'oauth' ? 'oauth_token' : 'cli_authenticated',
          hasCredentialsFile: claudeAuthStatus?.hasCredentialsFile || false,
+          oauthTokenValid: authType === 'oauth',
        });
-        toast.success('Claude CLI authentication verified!');
+        // Show specific success message based on auth type
+        if (authType === 'oauth') {
+          toast.success('Claude Code subscription detected and verified!');
+        } else {
+          toast.success('Claude CLI authentication verified!');
+        }
      } else {
        setCliVerificationStatus('error');
        setCliVerificationError(
@@ -436,9 +447,15 @@ export function ClaudeSetupStep({ onNext, onBack, onSkip }: ClaudeSetupStepProps
                  <div className="flex items-center gap-3 p-4 rounded-lg bg-green-500/10 border border-green-500/20">
                    <CheckCircle2 className="w-5 h-5 text-green-500" />
                    <div>
-                      <p className="font-medium text-foreground">CLI Authentication verified!</p>
+                      <p className="font-medium text-foreground">
+                        {cliAuthType === 'oauth'
+                          ? 'Claude Code subscription verified!'
+                          : 'CLI Authentication verified!'}
+                      </p>
                      <p className="text-sm text-muted-foreground">
-                        Your Claude CLI is working correctly.
+                        {cliAuthType === 'oauth'
+                          ? 'Your Claude Code subscription is active and ready to use.'
+                          : 'Your Claude CLI is working correctly.'}
                      </p>
                    </div>
                  </div>
--- a/apps/ui/src/lib/electron.ts
+++ b/apps/ui/src/lib/electron.ts
@@ -1442,6 +1442,7 @@ interface SetupAPI {
  verifyClaudeAuth: (authMethod?: 'cli' | 'api_key') => Promise<{
    success: boolean;
    authenticated: boolean;
+    authType?: 'oauth' | 'api_key' | 'cli';
    error?: string;
  }>;
  getGhStatus?: () => Promise<{
--- a/apps/ui/src/lib/http-api-client.ts
+++ b/apps/ui/src/lib/http-api-client.ts
@@ -1350,6 +1350,7 @@ export class HttpApiClient implements ElectronAPI {
    ): Promise<{
      success: boolean;
      authenticated: boolean;
+      authType?: 'oauth' | 'api_key' | 'cli';
      error?: string;
    }> => this.post('/api/setup/verify-claude-auth', { authMethod, apiKey }),