Skip to content

Allow Claude provider to use normal Claude Code OAuth environment #150

Description

@grantjayy

Summary

Clawpatch's Claude provider currently runs the claude binary in an isolated temporary HOME / XDG environment and forwards only a narrow set of API/provider auth env vars. That prevents normal Claude Code OAuth login state from being used.

For local developer usage, this means clawpatch --provider claude ... can fail even when the user's normal claude binary is installed and intended to use Claude Code OAuth/subscription usage.

Observed behavior

The installed Clawpatch 0.7.0 Claude provider:

  • creates a temp dir for each Claude invocation
  • sets:
    • HOME=<tmp>/home
    • XDG_CONFIG_HOME=<tmp>/xdg-config
    • XDG_CACHE_HOME=<tmp>/xdg-cache
    • XDG_DATA_HOME=<tmp>/xdg-data
  • runs with replaceEnv: true
  • forwards only selected auth env vars such as ANTHROPIC_API_KEY, ANTHROPIC_AUTH_TOKEN, Vertex/Bedrock/AWS vars

When no API-token env var is present, Claude Code starts inside that isolated home with no OAuth login state.

A minimal reproduction with the same structured-output style produced:

Not logged in · Please run /login
error: authentication_failed
apiKeySource: none

Clawpatch then surfaced a weaker error shape like:

claude provider failed: type=result; subtype=success; terminal_reason=completed

Expected behavior

For normal local usage, Clawpatch should be able to run the configured Claude Code binary as-is, preserving the caller's normal auth/home environment, so Claude Code OAuth/subscription usage works without requiring ANTHROPIC_API_KEY or API credits.

Why this likely matters now

This isolation may have been defensive when there was concern that claude -p usage would be forced onto extra/API-credit billing. That billing direction appears to have changed, and for local users the desired behavior is now to let the normal Claude Code binary use its normal OAuth/subscription auth path.

Suggested fix

Add or change the Claude provider auth mode so local invocations can inherit the normal Claude Code environment:

  • do not override HOME / XDG auth/cache/data dirs for this mode
  • do not require API-token env vars
  • continue preserving Clawpatch's existing safety flags:
    • --no-session-persistence
    • --strict-mcp-config
    • empty MCP config
    • --disable-slash-commands
    • --no-chrome
    • read-only tools for read-only operations

If CI isolation is still desired, a clean split could be:

  • local/default: inherit normal Claude Code binary environment
  • CI/isolated: current temp-home/env-token mode

Also useful: include top-level Claude envelope fields like error, is_error, and result in failure extraction so auth failures report authentication_failed / Not logged in directly.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions