Skip to content

[codex] Fix Claude auto fallback for MCP-only keychain#1992

Open
janpollak wants to merge 2 commits into
steipete:mainfrom
janpollak:codex/fix-claude-mcp-oauth-auto-fallback
Open

[codex] Fix Claude auto fallback for MCP-only keychain#1992
janpollak wants to merge 2 commits into
steipete:mainfrom
janpollak:codex/fix-claude-mcp-oauth-auto-fallback

Conversation

@janpollak

@janpollak janpollak commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Skip Claude OAuth in background Auto planning when the cached Claude CLI-owned credential is expired and the live Claude Keychain contains MCP-only OAuth state.
  • Fall through directly to the CLI/Web fallback instead of making a doomed OAuth attempt.
  • Preserve user-initiated refresh and explicit OAuth behavior.
  • Avoid the Keychain probe when Claude CLI is unavailable, and ignore MCP-only state when Keychain access is disabled.
  • Add an Unreleased changelog entry crediting @janpollak.

Verification

Exact candidate: 1a9d2567d862f9a3f6eab33e94c96b0ba9332101

  • swift test --filter ClaudeOAuthFetchStrategyAvailabilityTests: 17/17 passed.
  • Matrix coverage includes background Auto, user-initiated Auto, explicit OAuth, ordinary Claude OAuth payloads, disabled Keychain access, unavailable CLI, and existing startup/prompt-policy paths.
  • make check: passed; SwiftFormat and SwiftLint report zero violations.
  • make test: all 50/50 local shards passed.
  • autoreview --mode local: clean; no accepted/actionable findings.
  • Signed Debug package: Developer ID signature, deep/strict verification, and Gatekeeper assessment passed; embedded commit 1a9d2567.
  • The exact packaged app launches, remains running, and exposes the CodexBar Debug status item.

The current host has no usable Claude OAuth credential, so it cannot reproduce a real MCP-only Keychain state. The branch therefore makes no authenticated/MCP-only live-state claim beyond the contributor's original Debug-attempt evidence and the compiled prompt-free matrix above.

Public Model Identifier Gate: PASS (no model-bearing mutation).

Dependency freshness: PASS (no dependency changes).

Landing boundary

Code and local proof are ready. This changes auth/Keychain routing, so it remains unmerged pending explicit owner sign-off and, if required, a real MCP-only live-state proof waiver.

@clawsweeper

clawsweeper Bot commented Jul 8, 2026

Copy link
Copy Markdown

Codex review: needs real behavior proof before merge. Reviewed July 9, 2026, 2:00 PM ET / 18:00 UTC.

Summary
The PR changes Claude OAuth Auto availability to skip background OAuth for expired Claude CLI-owned credentials with MCP-only Keychain state, adds focused availability tests, and updates the changelog.

Reproducibility: Partly. Source inspection shows current main returns OAuth available for expired Claude CLI-owned credentials when the CLI is present, and the PR adds fixture coverage for MCP-only Keychain state; no live MCP-only Keychain repro was run because repository policy forbids prompt-prone probes without explicit request.

Review metrics: 2 noteworthy metrics.

  • Changed files: 3 files; +103/-6. The review surface is one Claude auth-routing file, one focused test file, and one changelog entry.
  • Availability cases added: 5 new cases. The added tests cover the key behavior split across background Auto, user-initiated Auto, explicit OAuth, ordinary OAuth payloads, and disabled Keychain access.

Merge readiness
Overall: 🦪 silver shellfish
Proof: 🦪 silver shellfish
Patch quality: 🐚 platinum hermit
Result: blocked until stronger real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • [P2] Add redacted live MCP-only Keychain fallback proof, or have the auth owner explicitly waive that proof requirement in the PR body or discussion.

Proof guidance:

  • [P1] Needs stronger real behavior proof before merge: The PR body reports tests and package-launch proof but says no live MCP-only Keychain state was reproduced; add redacted live output/logs or an owner waiver, then update the PR body to trigger re-review.

Risk before merge

  • [P2] This changes Claude Auto's OAuth availability before fallback, so a detector mistake could alter provider routing for existing Claude users with expired CLI-owned credentials.
  • [P1] The PR body explicitly lacks live MCP-only Keychain proof, so the focused tests do not fully prove the real Claude CLI/Keychain state that triggered the bug.

Maintainer options:

  1. Gate merge on auth-owner proof decision (recommended)
    Have the auth owner explicitly accept the stubbed matrix as a live-proof waiver or provide redacted MCP-only Keychain proof before merging.
  2. Accept the auth-routing risk
    Maintainers may intentionally merge with the current test matrix if they decide the narrow fallback and existing MCP-only detector make live proof unnecessary.
  3. Pause until broader Claude storage triage settles
    Keep the PR paused if the fallback should wait for the remaining Claude credential-storage direction to be confirmed.

Next step before merge

  • [P1] Manual review is needed because the remaining blocker is auth-owner proof sufficiency or waiver, not a narrow code repair ClawSweeper can safely automate.

Maintainer decision needed

  • Question: Should this PR land with the focused no-prompt test matrix and package launch proof, or should it wait for redacted live MCP-only Keychain proof?
  • Rationale: The code path is narrow and well covered by fixtures, but the changed behavior affects Claude auth routing and the PR body explicitly says live MCP-only state was not reproduced on the current host.
  • Likely owner: steipete — steipete authored the hardening commit and is the clearest auth-owner decision point in the available history.
  • Options:
    • Require owner sign-off before merge (recommended): Merge only after steipete confirms the test matrix is an acceptable live-proof waiver or adds a short redacted live-proof note for the MCP-only Keychain fallback.
    • Ask for contributor live proof: Hold the PR until the contributor can provide redacted logs, terminal output, or a recording showing Auto falling through with a real MCP-only Claude Keychain state.
    • Pause for broader storage work: Leave this PR unmerged if maintainers want the remaining Claude credential-storage investigation in Claude constantly looses token for access #1823 resolved first.

Security
Cleared: No concrete security or supply-chain defect was found; the diff reuses existing no-prompt Keychain detection and adds no dependencies, scripts, permissions, or broader secret access.

Review details

Best possible solution:

Merge the narrow fallback only after the auth owner accepts the fixture matrix as sufficient or adds redacted live MCP-only Keychain proof; keep broader Claude Code credential-storage discovery in #1823.

Do we have a high-confidence way to reproduce the issue?

Partly. Source inspection shows current main returns OAuth available for expired Claude CLI-owned credentials when the CLI is present, and the PR adds fixture coverage for MCP-only Keychain state; no live MCP-only Keychain repro was run because repository policy forbids prompt-prone probes without explicit request.

Is this the best way to solve the issue?

Yes for the code shape: it reuses the existing MCP-only detector, preserves explicit OAuth and user-initiated refresh, and adds focused tests. Merge readiness still depends on maintainer acceptance of the proof gap for this auth-provider routing change.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against 3b039d15e125.

Label changes

Label justifications:

  • P2: This is a normal-priority Claude auth fallback fix with limited blast radius but real impact for affected Auto-mode users.
  • merge-risk: 🚨 auth-provider: Merging changes Claude OAuth availability and provider fallback behavior, and CI cannot prove the real MCP-only Keychain state without live auth proof or an owner waiver.
  • rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🦪 silver shellfish and patch quality is 🐚 platinum hermit.
  • status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: The PR body reports tests and package-launch proof but says no live MCP-only Keychain state was reproduced; add redacted live output/logs or an owner waiver, then update the PR body to trigger re-review.
Evidence reviewed

What I checked:

Likely related people:

  • steipete: Peter Steinberger authored the current hardening commit and recent history ties him to Claude OAuth routing, release state, and auth-owner sign-off. (role: recent area contributor and likely decision owner; confidence: high; commits: 1a9d2567d862, a83a83fa4131, b435e27b429f; files: Sources/CodexBarCore/Providers/Claude/ClaudeProviderDescriptor.swift, Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials.swift, Tests/CodexBarTests/ClaudeOAuthFetchStrategyAvailabilityTests.swift)
  • Yuxin-Qiao: Yuxin Qiao introduced the merged MCP-only Keychain fail-closed behavior that this PR extends into Auto availability planning. (role: recent adjacent contributor; confidence: medium; commits: a27c9b094e61; files: Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials+SecurityCLIReader.swift, Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthDelegatedRefreshCoordinator.swift, Tests/CodexBarTests/ClaudeOAuthCredentialsStoreMCPOnlyGuardTests.swift)
  • Rajvardhan Patil: Rajvardhan Patil's Claude CLI token ownership work constrains the expired CLI-owned credential branch this PR changes. (role: introduced token-ownership policy; confidence: medium; commits: 3488587856c7; files: Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials.swift, Tests/CodexBarTests/ClaudeOAuthCredentialsStoreCLIStorageOwnershipTests.swift)
  • Ratul Sarna: Ratul Sarna has substantial history in Claude OAuth prompt policy, delegated refresh, and keychain-reader behavior around this routing path. (role: feature-history contributor; confidence: medium; commits: 0e7da356a37f, b2ef621d5fef, d761ade9cd28; files: Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials.swift, Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthDelegatedRefreshCoordinator.swift, Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials+SecurityCLIReader.swift)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.
Review history (4 earlier review cycles)
  • reviewed 2026-07-08T08:01:20.911Z sha c8245b1 :: needs real behavior proof before merge. :: none
  • reviewed 2026-07-08T08:07:03.524Z sha c8245b1 :: needs real behavior proof before merge. :: none
  • reviewed 2026-07-08T13:12:46.112Z sha c8245b1 :: needs maintainer review before merge. :: none
  • reviewed 2026-07-09T17:54:25.852Z sha 1a9d256 :: needs real behavior proof before merge. :: none

@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. proof: sufficient Contributor real behavior proof is sufficient. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. and removed rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. labels Jul 8, 2026
@janpollak janpollak marked this pull request as ready for review July 8, 2026 13:31
@clawsweeper clawsweeper Bot removed proof: sufficient Contributor real behavior proof is sufficient. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. labels Jul 8, 2026
janpollak and others added 2 commits July 9, 2026 10:36
Co-authored-by: janpollak <40995260+janpollak@users.noreply.github.com>
@steipete steipete force-pushed the codex/fix-claude-mcp-oauth-auto-fallback branch from c8245b1 to 1a9d256 Compare July 9, 2026 17:46
@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. labels Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. P2 Normal priority bug or improvement with limited blast radius. rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants