fix: detect Claude auth from settings env

[pjpjq]

Summary

• detect Claude auth from ~/.claude/settings.json env values
• treat ANTHROPIC_API_KEY and ANTHROPIC_AUTH_TOKEN from settings as authenticated
• keep existing .credentials.json OAuth detection unchanged

Validation

• node --check server/routes/cli-auth.js
• invoked the /claude/status route handler locally and verified it returns authenticated: true for ANTHROPIC_AUTH_TOKEN stored in settings.json
• verified Claude CLI still works with the same local proxy/token configuration

Summary by CodeRabbit

• New Features
  • CLI authentication now supports reading credentials from a configuration file, providing an alternative method alongside existing authentication approaches.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds support for reading Claude authentication credentials from ~/.claude/settings.json. A new loadClaudeSettingsEnv() function reads the settings file and extends the credentials validation logic to accept ANTHROPIC_API_KEY or ANTHROPIC_AUTH_TOKEN from this file as Priority 1b authentication.

Changes

Cohort / File(s)	Summary
Claude Settings-based Authentication server/routes/cli-auth.js	Added loadClaudeSettingsEnv() function to read and parse ~/.claude/settings.json. Extended credential verification to check for ANTHROPIC_API_KEY and ANTHROPIC_AUTH_TOKEN in settings.json as Priority 1b auth path, positioned between environment checks and OAuth token flow.

Possibly related PRs

• PR #346: Also modifies cli-auth.js to add API-key-based Claude authentication detection, but checks ANTHROPIC_API_KEY environment variable as priority 1 instead of reading from settings.json.

Suggested reviewers

• blackmammoth

Poem

🐰 A settings file I hop to find,
With API keys so neatly lined,
No more OAuth delays for me,
Auth credentials flow so free!
Claude greets me with a gentle click,
Priority one-b did the trick! 🐇

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding detection of Claude authentication from settings.json environment variables.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

server/routes/cli-auth.js (1)

137-167: ⚠️ Potential issue | 🟠 Major

Handle ANTHROPIC_AUTH_TOKEN in process.env too.

This now reports authenticated when ANTHROPIC_AUTH_TOKEN comes from ~/.claude/settings.json, but the same token still reports unauthenticated when it is already exported into the server process because Priority 1 only checks ANTHROPIC_API_KEY. That creates a false negative on /claude/status for an otherwise valid Claude setup.

Proposed fix

-  if (process.env.ANTHROPIC_API_KEY && process.env.ANTHROPIC_API_KEY.trim()) {
+  if (typeof process.env.ANTHROPIC_API_KEY === 'string' && process.env.ANTHROPIC_API_KEY.trim()) {
     return {
       authenticated: true,
       email: 'API Key Auth',
       method: 'api_key'
     };
   }
+
+  if (typeof process.env.ANTHROPIC_AUTH_TOKEN === 'string' && process.env.ANTHROPIC_AUTH_TOKEN.trim()) {
+    return {
+      authenticated: true,
+      email: 'Configured via environment',
+      method: 'api_key'
+    };
+  }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@server/routes/cli-auth.js` around lines 137 - 167, The current auth check
only treats process.env.ANTHROPIC_API_KEY as a valid env-sourced credential, but
ignores process.env.ANTHROPIC_AUTH_TOKEN; update the initial Priority 1 block to
also accept a non-empty process.env.ANTHROPIC_AUTH_TOKEN as an authenticated
credential (same returned shape as the settingsEnv branch), so that both
ANTHROPIC_API_KEY and ANTHROPIC_AUTH_TOKEN in the process environment result in
authenticated: true; locate the checks around process.env.ANTHROPIC_API_KEY and
loadClaudeSettingsEnv() and apply the same logic used for
settingsEnv.ANTHROPIC_AUTH_TOKEN to process.env.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@server/routes/cli-auth.js`:
- Around line 137-167: The current auth check only treats
process.env.ANTHROPIC_API_KEY as a valid env-sourced credential, but ignores
process.env.ANTHROPIC_AUTH_TOKEN; update the initial Priority 1 block to also
accept a non-empty process.env.ANTHROPIC_AUTH_TOKEN as an authenticated
credential (same returned shape as the settingsEnv branch), so that both
ANTHROPIC_API_KEY and ANTHROPIC_AUTH_TOKEN in the process environment result in
authenticated: true; locate the checks around process.env.ANTHROPIC_API_KEY and
loadClaudeSettingsEnv() and apply the same logic used for
settingsEnv.ANTHROPIC_AUTH_TOKEN to process.env.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: d21252d7-7fc3-4a48-bf8f-76e2416b340e

📥 Commits

Reviewing files that changed from the base of the PR and between f4777c1 and 1c9030b.

📒 Files selected for processing (1)

• server/routes/cli-auth.js

[blackmammoth]

Tested and works!

[blackmammoth]

Hey @pjpjq, this has been merged. Also, if you’d like to join project discussion or community chat, we have a Discord here: link. Totally optional!