diff --git a/.claude/skills/debug/SKILL.md b/.claude/skills/debug/SKILL.md index e2cc104..4b348be 100644 --- a/.claude/skills/debug/SKILL.md +++ b/.claude/skills/debug/SKILL.md @@ -61,13 +61,15 @@ Debug level shows: Common causes: -#### Missing API Key +#### Missing Authentication ``` Invalid API key · Please run /login ``` -**Fix:** Ensure `.env` file exists in project root with valid `ANTHROPIC_API_KEY`: +**Fix:** Ensure `.env` file exists with either OAuth token or API key: ```bash -cat .env # Should show: ANTHROPIC_API_KEY=sk-ant-... +cat .env # Should show one of: +# CLAUDE_CODE_OAUTH_TOKEN=sk-ant-oat01-... (subscription) +# ANTHROPIC_API_KEY=sk-ant-api03-... (pay-per-use) ``` #### Root User Restriction @@ -87,7 +89,7 @@ To verify env vars are reaching the container: echo '{}' | container run -i \ --mount type=bind,source=$(pwd)/data/env,target=/workspace/env-dir,readonly \ --entrypoint /bin/bash nanoclaw-agent:latest \ - -c 'export $(cat /workspace/env-dir/env | xargs); echo "API key length: ${#ANTHROPIC_API_KEY}"' + -c 'export $(cat /workspace/env-dir/env | xargs); echo "OAuth: ${#CLAUDE_CODE_OAUTH_TOKEN} chars, API: ${#ANTHROPIC_API_KEY} chars"' ``` ### 3. Mount Issues @@ -111,7 +113,7 @@ container run --rm --entrypoint /bin/bash nanoclaw-agent:latest -c 'ls -la /work Expected structure: ``` /workspace/ -├── env-dir/env # Environment file (ANTHROPIC_API_KEY) +├── env-dir/env # Environment file (CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY) ├── group/ # Current group folder (cwd) ├── project/ # Project root (main channel only) ├── global/ # Global CLAUDE.md (non-main only) @@ -311,8 +313,8 @@ Run this to check common issues: ```bash echo "=== Checking NanoClaw Container Setup ===" -echo -e "\n1. API Key configured?" -[ -f .env ] && grep -q "ANTHROPIC_API_KEY=sk-" .env && echo "OK" || echo "MISSING - create .env with ANTHROPIC_API_KEY" +echo -e "\n1. Authentication configured?" +[ -f .env ] && (grep -q "CLAUDE_CODE_OAUTH_TOKEN=sk-" .env || grep -q "ANTHROPIC_API_KEY=sk-" .env) && echo "OK" || echo "MISSING - add CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY to .env" echo -e "\n2. Env file copied for container?" [ -f data/env/env ] && echo "OK" || echo "MISSING - will be created on first run" diff --git a/.claude/skills/setup/SKILL.md b/.claude/skills/setup/SKILL.md index d1486bd..1b97ec5 100644 --- a/.claude/skills/setup/SKILL.md +++ b/.claude/skills/setup/SKILL.md @@ -39,44 +39,50 @@ container --version **Note:** NanoClaw automatically starts the Apple Container system when it launches, so you don't need to start it manually after reboots. -## 3. Configure API Key +## 3. Configure Claude Authentication Ask the user: -> Do you have an Anthropic API key configured elsewhere that I should copy, or should I create a `.env` file for you to fill in? +> Do you want to use your **Claude subscription** (Pro/Max) or an **Anthropic API key**? -**If copying from another location:** -```bash -# Extract only the ANTHROPIC_API_KEY line from the source file -grep "^ANTHROPIC_API_KEY=" /path/to/other/.env > .env -``` +### Option 1: Claude Subscription (Recommended) -Verify the key exists (only show first/last few chars for security): +Ask the user: +> Want me to grab the OAuth token from your current Claude session? + +If yes: ```bash -KEY=$(grep "^ANTHROPIC_API_KEY=" .env | cut -d= -f2) -if [ -n "$KEY" ]; then - echo "API key configured: ${KEY:0:10}...${KEY: -4}" +TOKEN=$(cat ~/.claude/.credentials.json 2>/dev/null | jq -r '.claudeAiOauth.accessToken // empty') +if [ -n "$TOKEN" ]; then + echo "CLAUDE_CODE_OAUTH_TOKEN=$TOKEN" > .env + echo "Token configured: ${TOKEN:0:20}...${TOKEN: -4}" else - echo "API key missing or invalid" + echo "No token found - are you logged in to Claude Code?" fi ``` -**If creating new:** +If the token wasn't found, tell the user: +> Run `claude` in another terminal and log in first, then come back here. + +### Option 2: API Key + +Ask if they have an existing key to copy or need to create one. + +**Copy existing:** +```bash +grep "^ANTHROPIC_API_KEY=" /path/to/source/.env > .env +``` + +**Create new:** ```bash echo 'ANTHROPIC_API_KEY=' > .env ``` -Tell the user: -> I've created `.env` in the project root. Please add your Anthropic API key after the `=` sign. -> You can get an API key from https://console.anthropic.com/ +Tell the user to add their key from https://console.anthropic.com/ -Wait for user confirmation, then verify (only show first/last few chars): +**Verify:** ```bash KEY=$(grep "^ANTHROPIC_API_KEY=" .env | cut -d= -f2) -if [ -n "$KEY" ]; then - echo "API key configured: ${KEY:0:10}...${KEY: -4}" -else - echo "API key missing or invalid" -fi +[ -n "$KEY" ] && echo "API key configured: ${KEY:0:10}...${KEY: -4}" || echo "Missing" ``` ## 4. Build Container Image diff --git a/SPEC.md b/SPEC.md index 686967a..dffe857 100644 --- a/SPEC.md +++ b/SPEC.md @@ -216,15 +216,22 @@ Additional mounts appear at `/workspace/extra/{containerPath}` inside the contai **Apple Container mount syntax note:** Read-write mounts use `-v host:container`, but readonly mounts require `--mount "type=bind,source=...,target=...,readonly"` (the `:ro` suffix doesn't work). -### API Key Configuration +### Claude Authentication -The Anthropic API key must be in a `.env` file in the project root: +Configure authentication in a `.env` file in the project root. Two options: +**Option 1: Claude Subscription (OAuth token)** ```bash -ANTHROPIC_API_KEY=sk-ant-... +CLAUDE_CODE_OAUTH_TOKEN=sk-ant-oat01-... +``` +The token can be extracted from `~/.claude/.credentials.json` if you're logged in to Claude Code. + +**Option 2: Pay-per-use API Key** +```bash +ANTHROPIC_API_KEY=sk-ant-api03-... ``` -This file is automatically mounted into the container at `/workspace/env-dir/env` and sourced by the entrypoint script. This workaround is needed because Apple Container loses `-e` environment variables when using `-i` (interactive mode with piped stdin). +The `.env` file is automatically mounted into the container at `/workspace/env-dir/env` and sourced by the entrypoint script. This workaround is needed because Apple Container loses `-e` environment variables when using `-i` (interactive mode with piped stdin). ### Changing the Assistant Name