refactor: remove CLAUDE_CODE_OAUTH_TOKEN references and update authentication to use ANTHROPIC_API_KEY exclusively

apps/server/src/routes/app-spec/common.ts

@@ -35,19 +35,9 @@ export function setRunningState(
  * Helper to log authentication status
  */
 export function logAuthStatus(context: string): void {
-  const hasOAuthToken = !!process.env.CLAUDE_CODE_OAUTH_TOKEN;
   const hasApiKey = !!process.env.ANTHROPIC_API_KEY;
 
   logger.info(`${context} - Auth Status:`);
-  logger.info(
-    `  CLAUDE_CODE_OAUTH_TOKEN: ${
-      hasOAuthToken
-        ? "SET (" +
-          process.env.CLAUDE_CODE_OAUTH_TOKEN?.substring(0, 20) +
-          "...)"
-        : "NOT SET"
-    }`
-  );
   logger.info(
     `  ANTHROPIC_API_KEY: ${
       hasApiKey
@@ -56,7 +46,7 @@ export function logAuthStatus(context: string): void {
     }`
   );
 
-  if (!hasOAuthToken && !hasApiKey) {
+  if (!hasApiKey) {
     logger.warn("⚠️  WARNING: No authentication configured! SDK will fail.");
   }
 }

apps/server/src/routes/models/routes/providers.ts

@@ -15,9 +15,7 @@ export function createProvidersHandler() {
       const providers: Record<string, any> = {
         anthropic: {
           available: statuses.claude?.installed || false,
-          hasApiKey:
-            !!process.env.ANTHROPIC_API_KEY ||
-            !!process.env.CLAUDE_CODE_OAUTH_TOKEN,
+          hasApiKey: !!process.env.ANTHROPIC_API_KEY,
         },
         google: {
           available: !!process.env.GOOGLE_API_KEY,

apps/server/src/routes/setup/get-claude-status.ts

@@ -74,7 +74,6 @@ export async function getClaudeStatus() {
     hasStoredOAuthToken: !!getApiKey("anthropic_oauth_token"),
     hasStoredApiKey: !!getApiKey("anthropic"),
     hasEnvApiKey: !!process.env.ANTHROPIC_API_KEY,
-    hasEnvOAuthToken: !!process.env.CLAUDE_CODE_OAUTH_TOKEN,
     // Additional fields for detailed status
     oauthTokenValid: false,
     apiKeyValid: false,
@@ -148,11 +147,7 @@ export async function getClaudeStatus() {
   }
 
   // Environment variables override stored credentials (higher priority)
-  if (auth.hasEnvOAuthToken) {
-    auth.authenticated = true;
-    auth.oauthTokenValid = true;
-    auth.method = "oauth_token_env";
-  } else if (auth.hasEnvApiKey) {
+  if (auth.hasEnvApiKey) {
     auth.authenticated = true;
     auth.apiKeyValid = true;
     auth.method = "api_key_env"; // API key from ANTHROPIC_API_KEY env var

apps/server/src/routes/setup/routes/store-api-key.ts

@@ -31,16 +31,8 @@ export function createStoreApiKeyHandler() {
       setApiKey(provider, apiKey);
 
       // Also set as environment variable and persist to .env
-      // IMPORTANT: OAuth tokens and API keys must be stored separately
-      // - OAuth tokens (subscription auth) -> CLAUDE_CODE_OAUTH_TOKEN
-      // - API keys (pay-per-use) -> ANTHROPIC_API_KEY
-      if (provider === "anthropic_oauth_token") {
-        // OAuth token from claude setup-token (subscription-based auth)
-        process.env.CLAUDE_CODE_OAUTH_TOKEN = apiKey;
-        await persistApiKeyToEnv("CLAUDE_CODE_OAUTH_TOKEN", apiKey);
-        logger.info("[Setup] Stored OAuth token as CLAUDE_CODE_OAUTH_TOKEN");
-      } else if (provider === "anthropic") {
-        // Direct API key (pay-per-use)
+      if (provider === "anthropic" || provider === "anthropic_oauth_token") {
+        // Both API key and OAuth token use ANTHROPIC_API_KEY
         process.env.ANTHROPIC_API_KEY = apiKey;
         await persistApiKeyToEnv("ANTHROPIC_API_KEY", apiKey);
         logger.info("[Setup] Stored API key as ANTHROPIC_API_KEY");