feat: unify Claude API key and profile system with flexible key sourcing

- Add ApiKeySource type ('inline' | 'env' | 'credentials') to ClaudeApiProfile - Allow profiles to source API keys from credentials.json or environment variables - Add provider templates: OpenRouter, MiniMax, MiniMax (China) - Auto-migrate existing users with Anthropic key to "Direct Anthropic" profile - Update all API call sites to pass credentials for key resolution - Add API key source selector to profile creation UI - Increment settings version to 5 for migration support This allows users to: - Share a single API key across multiple profile configurations - Use environment variables for CI/CD deployments - Easily switch between providers without re-entering keys
2026-02-01 20:23:36 +00:00 · 2026-01-19 17:28:28 +01:00
parent 10b49bd3b4
commit b88c940a36
25 changed files with 706 additions and 71 deletions
--- a/apps/server/src/lib/settings-helpers.ts
+++ b/apps/server/src/lib/settings-helpers.ts
@@ -351,30 +351,39 @@ export async function getCustomSubagents(
  return Object.keys(merged).length > 0 ? merged : undefined;
 }

+/** Result from getActiveClaudeApiProfile */
+export interface ActiveClaudeApiProfileResult {
+  /** The active profile, or undefined if using direct Anthropic API */
+  profile: ClaudeApiProfile | undefined;
+  /** Credentials for resolving 'credentials' apiKeySource */
+  credentials: import('@automaker/types').Credentials | undefined;
+}
+
 /**
- * Get the active Claude API profile from global settings.
- * Returns undefined if no profile is active (uses direct Anthropic API).
+ * Get the active Claude API profile and credentials from global settings.
+ * Returns both the profile and credentials for resolving 'credentials' apiKeySource.
 *
 * @param settingsService - Optional settings service instance
 * @param logPrefix - Prefix for log messages (e.g., '[AgentService]')
- * @returns Promise resolving to the active profile, or undefined if none active
+ * @returns Promise resolving to object with profile and credentials
 */
 export async function getActiveClaudeApiProfile(
  settingsService?: SettingsService | null,
  logPrefix = '[SettingsHelper]'
-): Promise<ClaudeApiProfile | undefined> {
+): Promise<ActiveClaudeApiProfileResult> {
  if (!settingsService) {
-    return undefined;
+    return { profile: undefined, credentials: undefined };
  }

  try {
    const globalSettings = await settingsService.getGlobalSettings();
+    const credentials = await settingsService.getCredentials();
    const profiles = globalSettings.claudeApiProfiles || [];
    const activeProfileId = globalSettings.activeClaudeApiProfileId;

    // No active profile selected - use direct Anthropic API
    if (!activeProfileId) {
-      return undefined;
+      return { profile: undefined, credentials };
    }

    // Find the active profile by ID
@@ -382,15 +391,15 @@ export async function getActiveClaudeApiProfile(

    if (activeProfile) {
      logger.info(`${logPrefix} Using Claude API profile: ${activeProfile.name}`);
-      return activeProfile;
+      return { profile: activeProfile, credentials };
    } else {
      logger.warn(
        `${logPrefix} Active profile ID "${activeProfileId}" not found, falling back to direct Anthropic API`
      );
-      return undefined;
+      return { profile: undefined, credentials };
    }
  } catch (error) {
    logger.error(`${logPrefix} Failed to load Claude API profile:`, error);
-    return undefined;
+    return { profile: undefined, credentials: undefined };
  }
 }
--- a/apps/server/src/providers/claude-provider.ts
+++ b/apps/server/src/providers/claude-provider.ts
@@ -14,6 +14,7 @@ import {
  getThinkingTokenBudget,
  validateBareModelId,
  type ClaudeApiProfile,
+  type Credentials,
 } from '@automaker/types';
 import type {
  ExecuteOptions,
@@ -56,19 +57,47 @@ const SYSTEM_ENV_VARS = ['PATH', 'HOME', 'SHELL', 'TERM', 'USER', 'LANG', 'LC_AL
 * When no profile is provided, uses direct Anthropic API settings from process.env.
 *
 * @param profile - Optional Claude API profile for alternative endpoint configuration
+ * @param credentials - Optional credentials object for resolving 'credentials' apiKeySource
 */
-function buildEnv(profile?: ClaudeApiProfile): Record<string, string | undefined> {
+function buildEnv(
+  profile?: ClaudeApiProfile,
+  credentials?: Credentials
+): Record<string, string | undefined> {
  const env: Record<string, string | undefined> = {};

  if (profile) {
    // Use profile configuration (clean switch - don't inherit non-system vars from process.env)
-    logger.debug('Building environment from Claude API profile:', { name: profile.name });
+    logger.debug('Building environment from Claude API profile:', {
+      name: profile.name,
+      apiKeySource: profile.apiKeySource ?? 'inline',
+    });
+
+    // Resolve API key based on source strategy
+    let apiKey: string | undefined;
+    const source = profile.apiKeySource ?? 'inline'; // Default to inline for backwards compat
+
+    switch (source) {
+      case 'inline':
+        apiKey = profile.apiKey;
+        break;
+      case 'env':
+        apiKey = process.env.ANTHROPIC_API_KEY;
+        break;
+      case 'credentials':
+        apiKey = credentials?.apiKeys?.anthropic;
+        break;
+    }
+
+    // Warn if no API key found
+    if (!apiKey) {
+      logger.warn(`No API key found for profile "${profile.name}" with source "${source}"`);
+    }

    // Authentication
    if (profile.useAuthToken) {
-      env['ANTHROPIC_AUTH_TOKEN'] = profile.apiKey;
+      env['ANTHROPIC_AUTH_TOKEN'] = apiKey;
    } else {
-      env['ANTHROPIC_API_KEY'] = profile.apiKey;
+      env['ANTHROPIC_API_KEY'] = apiKey;
    }

    // Endpoint configuration
@@ -149,6 +178,7 @@ export class ClaudeProvider extends BaseProvider {
      sdkSessionId,
      thinkingLevel,
      claudeApiProfile,
+      credentials,
    } = options;

    // Convert thinking level to token budget
@@ -163,7 +193,7 @@ export class ClaudeProvider extends BaseProvider {
      // Pass only explicitly allowed environment variables to SDK
      // When a profile is active, uses profile settings (clean switch)
      // When no profile, uses direct Anthropic API (from process.env or CLI OAuth)
-      env: buildEnv(claudeApiProfile),
+      env: buildEnv(claudeApiProfile, credentials),
      // Pass through allowedTools if provided by caller (decided by sdk-options.ts)
      ...(allowedTools && { allowedTools }),
      // AUTONOMOUS MODE: Always bypass permissions for fully autonomous operation
--- a/apps/server/src/providers/simple-query-service.ts
+++ b/apps/server/src/providers/simple-query-service.ts
@@ -21,6 +21,7 @@ import type {
  ThinkingLevel,
  ReasoningEffort,
  ClaudeApiProfile,
+  Credentials,
 } from '@automaker/types';
 import { stripProviderPrefix } from '@automaker/types';

@@ -57,6 +58,8 @@ export interface SimpleQueryOptions {
  settingSources?: Array<'user' | 'project' | 'local'>;
  /** Active Claude API profile for alternative endpoint configuration */
  claudeApiProfile?: ClaudeApiProfile;
+  /** Credentials for resolving 'credentials' apiKeySource in Claude API profiles */
+  credentials?: Credentials;
 }

 /**
@@ -129,6 +132,7 @@ export async function simpleQuery(options: SimpleQueryOptions): Promise<SimpleQu
    readOnly: options.readOnly,
    settingSources: options.settingSources,
    claudeApiProfile: options.claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+    credentials: options.credentials, // Pass credentials for resolving 'credentials' apiKeySource
  };

  for await (const msg of provider.executeQuery(providerOptions)) {
@@ -212,6 +216,7 @@ export async function streamingQuery(options: StreamingQueryOptions): Promise<Si
    readOnly: options.readOnly,
    settingSources: options.settingSources,
    claudeApiProfile: options.claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+    credentials: options.credentials, // Pass credentials for resolving 'credentials' apiKeySource
  };

  for await (const msg of provider.executeQuery(providerOptions)) {
--- a/apps/server/src/routes/app-spec/generate-features-from-spec.ts
+++ b/apps/server/src/routes/app-spec/generate-features-from-spec.ts
@@ -128,7 +128,10 @@ Generate ${featureCount} NEW features that build on each other logically. Rememb
  logger.info('Using model:', model);

  // Get active Claude API profile for alternative endpoint configuration
-  const claudeApiProfile = await getActiveClaudeApiProfile(settingsService, '[FeatureGeneration]');
+  const { profile: claudeApiProfile, credentials } = await getActiveClaudeApiProfile(
+    settingsService,
+    '[FeatureGeneration]'
+  );

  // Use streamingQuery with event callbacks
  const result = await streamingQuery({
@@ -142,6 +145,7 @@ Generate ${featureCount} NEW features that build on each other logically. Rememb
    readOnly: true, // Feature generation only reads code, doesn't write
    settingSources: autoLoadClaudeMd ? ['user', 'project', 'local'] : undefined,
    claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+    credentials, // Pass credentials for resolving 'credentials' apiKeySource
    onText: (text) => {
      logger.debug(`Feature text block received (${text.length} chars)`);
      events.emit('spec-regeneration:event', {
--- a/apps/server/src/routes/app-spec/generate-spec.ts
+++ b/apps/server/src/routes/app-spec/generate-spec.ts
@@ -105,7 +105,10 @@ ${prompts.appSpec.structuredSpecInstructions}`;
  logger.info('Using model:', model);

  // Get active Claude API profile for alternative endpoint configuration
-  const claudeApiProfile = await getActiveClaudeApiProfile(settingsService, '[SpecRegeneration]');
+  const { profile: claudeApiProfile, credentials } = await getActiveClaudeApiProfile(
+    settingsService,
+    '[SpecRegeneration]'
+  );

  let responseText = '';
  let structuredOutput: SpecOutput | null = null;
@@ -140,6 +143,7 @@ Your entire response should be valid JSON starting with { and ending with }. No
    readOnly: true, // Spec generation only reads code, we write the spec ourselves
    settingSources: autoLoadClaudeMd ? ['user', 'project', 'local'] : undefined,
    claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+    credentials, // Pass credentials for resolving 'credentials' apiKeySource
    outputFormat: useStructuredOutput
      ? {
          type: 'json_schema',
--- a/apps/server/src/routes/app-spec/sync-spec.ts
+++ b/apps/server/src/routes/app-spec/sync-spec.ts
@@ -161,7 +161,10 @@ export async function syncSpec(
  const { model, thinkingLevel } = resolvePhaseModel(phaseModelEntry);

  // Get active Claude API profile for alternative endpoint configuration
-  const claudeApiProfile = await getActiveClaudeApiProfile(settingsService, '[SpecSync]');
+  const { profile: claudeApiProfile, credentials } = await getActiveClaudeApiProfile(
+    settingsService,
+    '[SpecSync]'
+  );

  // Use AI to analyze tech stack
  const techAnalysisPrompt = `Analyze this project and return ONLY a JSON object with the current technology stack.
@@ -192,6 +195,7 @@ Return ONLY this JSON format, no other text:
      readOnly: true,
      settingSources: autoLoadClaudeMd ? ['user', 'project', 'local'] : undefined,
      claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+      credentials, // Pass credentials for resolving 'credentials' apiKeySource
      onText: (text) => {
        logger.debug(`Tech analysis text: ${text.substring(0, 100)}`);
      },
--- a/apps/server/src/routes/backlog-plan/generate-plan.ts
+++ b/apps/server/src/routes/backlog-plan/generate-plan.ts
@@ -166,7 +166,10 @@ ${userPrompt}`;
    }

    // Get active Claude API profile for alternative endpoint configuration
-    const claudeApiProfile = await getActiveClaudeApiProfile(settingsService, '[BacklogPlan]');
+    const { profile: claudeApiProfile, credentials } = await getActiveClaudeApiProfile(
+      settingsService,
+      '[BacklogPlan]'
+    );

    // Execute the query
    const stream = provider.executeQuery({
@@ -181,6 +184,7 @@ ${userPrompt}`;
      readOnly: true, // Plan generation only generates text, doesn't write files
      thinkingLevel, // Pass thinking level for extended thinking
      claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+      credentials, // Pass credentials for resolving 'credentials' apiKeySource
    });

    let responseText = '';
--- a/apps/server/src/routes/context/routes/describe-file.ts
+++ b/apps/server/src/routes/context/routes/describe-file.ts
@@ -167,7 +167,10 @@ ${contentToAnalyze}`;
      logger.info(`Resolved model: ${model}, thinkingLevel: ${thinkingLevel}`);

      // Get active Claude API profile for alternative endpoint configuration
-      const claudeApiProfile = await getActiveClaudeApiProfile(settingsService, '[DescribeFile]');
+      const { profile: claudeApiProfile, credentials } = await getActiveClaudeApiProfile(
+        settingsService,
+        '[DescribeFile]'
+      );

      // Use simpleQuery - provider abstraction handles routing to correct provider
      const result = await simpleQuery({
@@ -180,6 +183,7 @@ ${contentToAnalyze}`;
        readOnly: true, // File description only reads, doesn't write
        settingSources: autoLoadClaudeMd ? ['user', 'project', 'local'] : undefined,
        claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+        credentials, // Pass credentials for resolving 'credentials' apiKeySource
      });

      const description = result.text;
--- a/apps/server/src/routes/context/routes/describe-image.ts
+++ b/apps/server/src/routes/context/routes/describe-image.ts
@@ -286,7 +286,10 @@ export function createDescribeImageHandler(
      const prompts = await getPromptCustomization(settingsService, '[DescribeImage]');

      // Get active Claude API profile for alternative endpoint configuration
-      const claudeApiProfile = await getActiveClaudeApiProfile(settingsService, '[DescribeImage]');
+      const { profile: claudeApiProfile, credentials } = await getActiveClaudeApiProfile(
+        settingsService,
+        '[DescribeImage]'
+      );

      // Build the instruction text from centralized prompts
      const instructionText = prompts.contextDescription.describeImagePrompt;
@@ -330,6 +333,7 @@ export function createDescribeImageHandler(
        readOnly: true, // Image description only reads, doesn't write
        settingSources: autoLoadClaudeMd ? ['user', 'project', 'local'] : undefined,
        claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+        credentials, // Pass credentials for resolving 'credentials' apiKeySource
      });

      logger.info(`[${requestId}] simpleQuery completed in ${Date.now() - queryStart}ms`);
--- a/apps/server/src/routes/enhance-prompt/routes/enhance.ts
+++ b/apps/server/src/routes/enhance-prompt/routes/enhance.ts
@@ -130,7 +130,10 @@ export function createEnhanceHandler(
      logger.debug(`Using model: ${resolvedModel}`);

      // Get active Claude API profile for alternative endpoint configuration
-      const claudeApiProfile = await getActiveClaudeApiProfile(settingsService, '[EnhancePrompt]');
+      const { profile: claudeApiProfile, credentials } = await getActiveClaudeApiProfile(
+        settingsService,
+        '[EnhancePrompt]'
+      );

      // Use simpleQuery - provider abstraction handles routing to correct provider
      // The system prompt is combined with user prompt since some providers
@@ -144,6 +147,7 @@ export function createEnhanceHandler(
        thinkingLevel,
        readOnly: true, // Prompt enhancement only generates text, doesn't write files
        claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+        credentials, // Pass credentials for resolving 'credentials' apiKeySource
      });

      const enhancedText = result.text;
--- a/apps/server/src/routes/features/routes/generate-title.ts
+++ b/apps/server/src/routes/features/routes/generate-title.ts
@@ -64,7 +64,10 @@ export function createGenerateTitleHandler(
      const systemPrompt = prompts.titleGeneration.systemPrompt;

      // Get active Claude API profile for alternative endpoint configuration
-      const claudeApiProfile = await getActiveClaudeApiProfile(settingsService, '[GenerateTitle]');
+      const { profile: claudeApiProfile, credentials } = await getActiveClaudeApiProfile(
+        settingsService,
+        '[GenerateTitle]'
+      );

      const userPrompt = `Generate a concise title for this feature:\n\n${trimmedDescription}`;

@@ -76,6 +79,7 @@ export function createGenerateTitleHandler(
        maxTurns: 1,
        allowedTools: [],
        claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+        credentials, // Pass credentials for resolving 'credentials' apiKeySource
      });

      const title = result.text;
--- a/apps/server/src/routes/github/routes/validate-issue.ts
+++ b/apps/server/src/routes/github/routes/validate-issue.ts
@@ -170,7 +170,10 @@ ${basePrompt}`;
    logger.info(`Using model: ${model}`);

    // Get active Claude API profile for alternative endpoint configuration
-    const claudeApiProfile = await getActiveClaudeApiProfile(settingsService, '[IssueValidation]');
+    const { profile: claudeApiProfile, credentials } = await getActiveClaudeApiProfile(
+      settingsService,
+      '[IssueValidation]'
+    );

    // Use streamingQuery with event callbacks
    const result = await streamingQuery({
@@ -184,6 +187,7 @@ ${basePrompt}`;
      readOnly: true, // Issue validation only reads code, doesn't write
      settingSources: autoLoadClaudeMd ? ['user', 'project', 'local'] : undefined,
      claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+      credentials, // Pass credentials for resolving 'credentials' apiKeySource
      outputFormat: useStructuredOutput
        ? {
            type: 'json_schema',
--- a/apps/server/src/routes/suggestions/generate-suggestions.ts
+++ b/apps/server/src/routes/suggestions/generate-suggestions.ts
@@ -197,7 +197,10 @@ ${prompts.suggestions.baseTemplate}`;
  logger.info('[Suggestions] Using model:', model);

  // Get active Claude API profile for alternative endpoint configuration
-  const claudeApiProfile = await getActiveClaudeApiProfile(settingsService, '[Suggestions]');
+  const { profile: claudeApiProfile, credentials } = await getActiveClaudeApiProfile(
+    settingsService,
+    '[Suggestions]'
+  );

  let responseText = '';

@@ -231,6 +234,7 @@ Your entire response should be valid JSON starting with { and ending with }. No
    readOnly: true, // Suggestions only reads code, doesn't write
    settingSources: autoLoadClaudeMd ? ['user', 'project', 'local'] : undefined,
    claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+    credentials, // Pass credentials for resolving 'credentials' apiKeySource
    outputFormat: useStructuredOutput
      ? {
          type: 'json_schema',
--- a/apps/server/src/routes/worktree/routes/generate-commit-message.ts
+++ b/apps/server/src/routes/worktree/routes/generate-commit-message.ts
@@ -169,7 +169,7 @@ export function createGenerateCommitMessageHandler(
      const systemPrompt = await getSystemPrompt(settingsService);

      // Get active Claude API profile for alternative endpoint configuration
-      const claudeApiProfile = await getActiveClaudeApiProfile(
+      const { profile: claudeApiProfile, credentials } = await getActiveClaudeApiProfile(
        settingsService,
        '[GenerateCommitMessage]'
      );
@@ -196,6 +196,7 @@ export function createGenerateCommitMessageHandler(
        allowedTools: [],
        readOnly: true,
        claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+        credentials, // Pass credentials for resolving 'credentials' apiKeySource
      });

      // Wrap with timeout to prevent indefinite hangs
--- a/apps/server/src/services/agent-service.ts
+++ b/apps/server/src/services/agent-service.ts
@@ -276,7 +276,7 @@ export class AgentService {
          : undefined;

      // Get active Claude API profile for alternative endpoint configuration
-      const claudeApiProfile = await getActiveClaudeApiProfile(
+      const { profile: claudeApiProfile, credentials } = await getActiveClaudeApiProfile(
        this.settingsService,
        '[AgentService]'
      );
@@ -386,6 +386,7 @@ export class AgentService {
        thinkingLevel: effectiveThinkingLevel, // Pass thinking level for Claude models
        reasoningEffort: effectiveReasoningEffort, // Pass reasoning effort for Codex models
        claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+        credentials, // Pass credentials for resolving 'credentials' apiKeySource
      };

      // Build prompt content with images
--- a/apps/server/src/services/auto-mode-service.ts
+++ b/apps/server/src/services/auto-mode-service.ts
@@ -2059,7 +2059,10 @@ Format your response as a structured markdown document.`;
      });

      // Get active Claude API profile for alternative endpoint configuration
-      const claudeApiProfile = await getActiveClaudeApiProfile(this.settingsService, '[AutoMode]');
+      const { profile: claudeApiProfile, credentials } = await getActiveClaudeApiProfile(
+        this.settingsService,
+        '[AutoMode]'
+      );

      const options: ExecuteOptions = {
        prompt,
@@ -2071,6 +2074,7 @@ Format your response as a structured markdown document.`;
        settingSources: sdkOptions.settingSources,
        thinkingLevel: analysisThinkingLevel, // Pass thinking level
        claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+        credentials, // Pass credentials for resolving 'credentials' apiKeySource
      };

      const stream = provider.executeQuery(options);
@@ -2940,7 +2944,10 @@ This mock response was generated because AUTOMAKER_MOCK_AGENT=true was set.
    }

    // Get active Claude API profile for alternative endpoint configuration
-    const claudeApiProfile = await getActiveClaudeApiProfile(this.settingsService, '[AutoMode]');
+    const { profile: claudeApiProfile, credentials } = await getActiveClaudeApiProfile(
+      this.settingsService,
+      '[AutoMode]'
+    );

    const executeOptions: ExecuteOptions = {
      prompt: promptContent,
@@ -2954,6 +2961,7 @@ This mock response was generated because AUTOMAKER_MOCK_AGENT=true was set.
      mcpServers: Object.keys(mcpServers).length > 0 ? mcpServers : undefined, // Pass MCP servers configuration
      thinkingLevel: options?.thinkingLevel, // Pass thinking level for extended thinking
      claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+      credentials, // Pass credentials for resolving 'credentials' apiKeySource
    };

    // Execute via provider
--- a/apps/server/src/services/ideation-service.ts
+++ b/apps/server/src/services/ideation-service.ts
@@ -224,7 +224,7 @@ export class IdeationService {
      const bareModel = stripProviderPrefix(modelId);

      // Get active Claude API profile for alternative endpoint configuration
-      const claudeApiProfile = await getActiveClaudeApiProfile(
+      const { profile: claudeApiProfile, credentials } = await getActiveClaudeApiProfile(
        this.settingsService,
        '[IdeationService]'
      );
@@ -239,6 +239,7 @@ export class IdeationService {
        abortController: activeSession.abortController!,
        conversationHistory: conversationHistory.length > 0 ? conversationHistory : undefined,
        claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+        credentials, // Pass credentials for resolving 'credentials' apiKeySource
      };

      const stream = provider.executeQuery(executeOptions);
@@ -686,7 +687,7 @@ export class IdeationService {
      const bareModel = stripProviderPrefix(modelId);

      // Get active Claude API profile for alternative endpoint configuration
-      const claudeApiProfile = await getActiveClaudeApiProfile(
+      const { profile: claudeApiProfile, credentials } = await getActiveClaudeApiProfile(
        this.settingsService,
        '[IdeationService]'
      );
@@ -702,6 +703,7 @@ export class IdeationService {
        allowedTools: [],
        abortController: new AbortController(),
        claudeApiProfile, // Pass active Claude API profile for alternative endpoint configuration
+        credentials, // Pass credentials for resolving 'credentials' apiKeySource
      };

      const stream = provider.executeQuery(executeOptions);
--- a/apps/server/src/services/settings-service.ts
+++ b/apps/server/src/services/settings-service.ts
@@ -166,6 +166,41 @@ export class SettingsService {
      needsSave = true;
    }

+    // Migration v4 -> v5: Auto-create "Direct Anthropic" profile for existing users
+    // If user has an Anthropic API key in credentials but no profiles, create a
+    // "Direct Anthropic" profile that references the credentials and set it as active.
+    if (storedVersion < 5) {
+      try {
+        const credentials = await this.getCredentials();
+        const hasAnthropicKey = !!credentials.apiKeys?.anthropic;
+        const hasNoProfiles = !result.claudeApiProfiles || result.claudeApiProfiles.length === 0;
+        const hasNoActiveProfile = !result.activeClaudeApiProfileId;
+
+        if (hasAnthropicKey && hasNoProfiles && hasNoActiveProfile) {
+          const directAnthropicProfile = {
+            id: `profile-${Date.now()}-direct-anthropic`,
+            name: 'Direct Anthropic',
+            baseUrl: 'https://api.anthropic.com',
+            apiKeySource: 'credentials' as const,
+            useAuthToken: false,
+          };
+
+          result.claudeApiProfiles = [directAnthropicProfile];
+          result.activeClaudeApiProfileId = directAnthropicProfile.id;
+
+          logger.info(
+            'Migration v4->v5: Created "Direct Anthropic" profile using existing credentials'
+          );
+        }
+      } catch (error) {
+        logger.warn(
+          'Migration v4->v5: Could not check credentials for auto-profile creation:',
+          error
+        );
+      }
+      needsSave = true;
+    }
+
    // Update version if any migration occurred
    if (needsSave) {
      result.version = SETTINGS_VERSION;