fix(use-native-credential-proxy): actually bypass the OneCLI gateway #2705
Open
premald wants to merge 1 commit into
The native-credential-proxy skill is meant to opt out of the OneCLI
gateway and serve Anthropic credentials straight from .env. As shipped
it did neither reliably on a real install:
1. nativeCredentialsEnabled() only read process.env. The host runs under
launchd/systemd without .env loaded, so the flag was perpetually false
and the opt-out never engaged. Now it also reads .env via readEnvFile,
matching the process.env.X || envConfig.X convention used elsewhere.
2. Even with the credential threaded into the container, the skill left
the OneCLI gateway applied. The gateway injects an HTTPS_PROXY that
MITMs api.anthropic.com and overrides the .env credential with the
vault's, so the agent failed every turn with "Invalid API key". The
SKILL.md now wraps the gateway block in a nativeCredentialsEnabled()
guard, the wiring test asserts the guard, and REMOVE.md unwinds it.
Both fixes are required: the gateway skip is dead code without the .env
read, since the guard never trips under launchd.
Tested: pnpm exec vitest run native-credential-proxy{,-wiring}.test.ts
(7 passing), and end-to-end on a launchd install — host logs
"OneCLI gateway skipped — native credentials enabled" and the agent
authenticates with a Claude Max OAuth token from .env.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
What — Makes the use-native-credential-proxy skill actually opt out of the OneCLI gateway, instead of silently falling back to it.
Why — As shipped, the skill failed on a real (launchd/systemd) install in two compounding ways:
1. nativeCredentialsEnabled() only read process.env. The host runs under launchd/systemd with no .env loaded, so the flag was always false and the opt-out never engaged.
2. HTTPS_PROXY MITMs api.anthropic.com and overrides the .env credential — so the agent fails every turn with "Invalid API key."
How it works — nativeCredentialsEnabled() now also reads .env via readEnvFile (matching the process.env.X || envConfig.X convention used elsewhere); SKILL.md wraps the OneCLI gateway block in a nativeCredentialsEnabled() guard so it is skipped under the opt-out; the wiring test asserts the guard; REMOVE.md unwinds it. Both fixes are required — the gateway skip is dead code without the .env read, since the guard never trips under launchd.
How it was tested — pnpm exec vitest run native-credential-proxy{,-wiring}.test.ts (7 passing, including the new guard assertion), and end-to-end on a launchd install: host logs "OneCLI gateway skipped — native credentials enabled" and the agent authenticates with a Claude Max OAuth token served from .env.
Scope: 4 files, all under .claude/skills/use-native-credential-proxy/.
Type: Fix
🤖 Generated with Claude Code
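The two behaviours this PR describes, sketched as an added example that is not the project's code: a flag check that falls back to .env when the service manager's environment lacks the flag, and a guard that skips the gateway's HTTPS_PROXY when the opt-out is on. The flag name NATIVE_CREDENTIALS, the helper names, the gateway URL and the sample .env text are assumptions made for illustration.

```javascript
// Added illustration; FLAG, the helper names and all sample values are hypothetical.
const FLAG = 'NATIVE_CREDENTIALS'; // assumed flag name, not taken from the project

// Minimal .env parser: KEY=VALUE lines, '#' comments, optional matching quotes.
function parseEnvText(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq <= 0) continue;
    let value = line.slice(eq + 1).trim();
    if (/^(["']).*\1$/.test(value)) value = value.slice(1, -1);
    out[line.slice(0, eq).trim()] = value;
  }
  return out;
}

// Behaviour described as shipped: only the process environment is consulted.
function enabledProcessOnly(procEnv) {
  return procEnv[FLAG] === 'true';
}

// Behaviour described as fixed: process.env.X || envConfig.X, so .env is the fallback.
function enabledWithEnvFile(procEnv, envConfig) {
  return (procEnv[FLAG] || envConfig[FLAG]) === 'true';
}

// Gateway guard: inject the proxy only when the opt-out is not in effect.
function buildContainerEnv(procEnv, envConfig, gatewayProxyUrl) {
  if (enabledWithEnvFile(procEnv, envConfig)) {
    return { gatewayApplied: false, env: {} };
  }
  return { gatewayApplied: true, env: { HTTPS_PROXY: gatewayProxyUrl } };
}

// Constructed inputs: a service-manager environment without .env, and a .env file.
const SERVICE_ENV = { PATH: '/usr/bin:/bin' };
const DOTENV_TEXT = '# constructed sample\nNATIVE_CREDENTIALS="true"\n';
const GATEWAY_URL = 'http://gateway.example.invalid:8080';

const envConfig = parseEnvText(DOTENV_TEXT);
console.log('process.env only  :', enabledProcessOnly(SERVICE_ENV));
console.log('with .env fallback:', enabledWithEnvFile(SERVICE_ENV, envConfig));
console.log('container env     :', buildContainerEnv(SERVICE_ENV, envConfig, GATEWAY_URL));
```

Because the process environment is consulted first, a value set there overrides the .env value, so a stale exported flag can still disable the opt-out.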