tanmay/Regolith
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support OAuth token authentication as alternative to API key

Browse Source 
- Setup skill now asks subscription vs API key, can auto-grab token
- Debug skill updated for both auth methods
- SPEC.md documents both authentication options

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Gavriel
2026-02-01 12:03:06 +02:00
parent 8ca4c95517
commit 1d4cf51917
3 changed files with 48 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
.claude/skills/debug/SKILL.md
View File

@@ -61,13 +61,15 @@ Debug level shows:
Common causes: Common causes:
#### Missing API Key #### Missing Authentication
``` ```
Invalid API key · Please run /login Invalid API key · Please run /login
``` ```
**Fix:** Ensure `.env` file exists in project root with valid `ANTHROPIC_API_KEY`: **Fix:** Ensure `.env` file exists with either OAuth token or API key:
```bash ```bash
cat .env # Should show: ANTHROPIC_API_KEY=sk-ant-... cat .env # Should show one of:
# CLAUDE_CODE_OAUTH_TOKEN=sk-ant-oat01-... (subscription)
# ANTHROPIC_API_KEY=sk-ant-api03-... (pay-per-use)
``` ```
#### Root User Restriction #### Root User Restriction
@@ -87,7 +89,7 @@ To verify env vars are reaching the container:
echo '{}' | container run -i \ echo '{}' | container run -i \
--mount type=bind,source=$(pwd)/data/env,target=/workspace/env-dir,readonly \ --mount type=bind,source=$(pwd)/data/env,target=/workspace/env-dir,readonly \
--entrypoint /bin/bash nanoclaw-agent:latest \ --entrypoint /bin/bash nanoclaw-agent:latest \
-c 'export $(cat /workspace/env-dir/env | xargs); echo "API key length: ${#ANTHROPIC_API_KEY}"' -c 'export $(cat /workspace/env-dir/env | xargs); echo "OAuth: ${#CLAUDE_CODE_OAUTH_TOKEN} chars, API: ${#ANTHROPIC_API_KEY} chars"'
``` ```
### 3. Mount Issues ### 3. Mount Issues
@@ -111,7 +113,7 @@ container run --rm --entrypoint /bin/bash nanoclaw-agent:latest -c 'ls -la /work
Expected structure: Expected structure:
``` ```
/workspace/ /workspace/
├── env-dir/env # Environment file (ANTHROPIC_API_KEY) ├── env-dir/env # Environment file (CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY)
├── group/ # Current group folder (cwd) ├── group/ # Current group folder (cwd)
├── project/ # Project root (main channel only) ├── project/ # Project root (main channel only)
├── global/ # Global CLAUDE.md (non-main only) ├── global/ # Global CLAUDE.md (non-main only)
@@ -311,8 +313,8 @@ Run this to check common issues:
```bash ```bash
echo "=== Checking NanoClaw Container Setup ===" echo "=== Checking NanoClaw Container Setup ==="
echo -e "\n1. API Key configured?" echo -e "\n1. Authentication configured?"
[ -f .env ] && grep -q "ANTHROPIC_API_KEY=sk-" .env && echo "OK" || echo "MISSING - create .env with ANTHROPIC_API_KEY" [ -f .env ] && (grep -q "CLAUDE_CODE_OAUTH_TOKEN=sk-" .env || grep -q "ANTHROPIC_API_KEY=sk-" .env) && echo "OK" || echo "MISSING - add CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY to .env"
echo -e "\n2. Env file copied for container?" echo -e "\n2. Env file copied for container?"
[ -f data/env/env ] && echo "OK" || echo "MISSING - will be created on first run" [ -f data/env/env ] && echo "OK" || echo "MISSING - will be created on first run"

50
.claude/skills/setup/SKILL.md
View File

@@ -39,44 +39,50 @@ container --version
**Note:** NanoClaw automatically starts the Apple Container system when it launches, so you don't need to start it manually after reboots. **Note:** NanoClaw automatically starts the Apple Container system when it launches, so you don't need to start it manually after reboots.
## 3. Configure API Key ## 3. Configure Claude Authentication
Ask the user: Ask the user:
> Do you have an Anthropic API key configured elsewhere that I should copy, or should I create a `.env` file for you to fill in? > Do you want to use your **Claude subscription** (Pro/Max) or an **Anthropic API key**?
**If copying from another location:** ### Option 1: Claude Subscription (Recommended)
```bash
# Extract only the ANTHROPIC_API_KEY line from the source file
grep "^ANTHROPIC_API_KEY=" /path/to/other/.env > .env
```
Verify the key exists (only show first/last few chars for security): Ask the user:
> Want me to grab the OAuth token from your current Claude session?
If yes:
```bash ```bash
KEY=$(grep "^ANTHROPIC_API_KEY=" .env | cut -d= -f2) TOKEN=$(cat ~/.claude/.credentials.json 2>/dev/null | jq -r '.claudeAiOauth.accessToken // empty')
if [ -n "$KEY" ]; then if [ -n "$TOKEN" ]; then
echo "API key configured: ${KEY:0:10}...${KEY: -4}" echo "CLAUDE_CODE_OAUTH_TOKEN=$TOKEN" > .env
echo "Token configured: ${TOKEN:0:20}...${TOKEN: -4}"
else else
echo "API key missing or invalid" echo "No token found - are you logged in to Claude Code?"
fi fi
``` ```
**If creating new:** If the token wasn't found, tell the user:
> Run `claude` in another terminal and log in first, then come back here.
### Option 2: API Key
Ask if they have an existing key to copy or need to create one.
**Copy existing:**
```bash
grep "^ANTHROPIC_API_KEY=" /path/to/source/.env > .env
```
**Create new:**
```bash ```bash
echo 'ANTHROPIC_API_KEY=' > .env echo 'ANTHROPIC_API_KEY=' > .env
``` ```
Tell the user: Tell the user to add their key from https://console.anthropic.com/
> I've created `.env` in the project root. Please add your Anthropic API key after the `=` sign.
> You can get an API key from https://console.anthropic.com/
Wait for user confirmation, then verify (only show first/last few chars): **Verify:**
```bash ```bash
KEY=$(grep "^ANTHROPIC_API_KEY=" .env | cut -d= -f2) KEY=$(grep "^ANTHROPIC_API_KEY=" .env | cut -d= -f2)
if [ -n "$KEY" ]; then [ -n "$KEY" ] && echo "API key configured: ${KEY:0:10}...${KEY: -4}" || echo "Missing"
echo "API key configured: ${KEY:0:10}...${KEY: -4}"
else
echo "API key missing or invalid"
fi
``` ```
## 4. Build Container Image ## 4. Build Container Image

15
SPEC.md
View File

@@ -216,15 +216,22 @@ Additional mounts appear at `/workspace/extra/{containerPath}` inside the contai
**Apple Container mount syntax note:** Read-write mounts use `-v host:container`, but readonly mounts require `--mount "type=bind,source=...,target=...,readonly"` (the `:ro` suffix doesn't work). **Apple Container mount syntax note:** Read-write mounts use `-v host:container`, but readonly mounts require `--mount "type=bind,source=...,target=...,readonly"` (the `:ro` suffix doesn't work).
### API Key Configuration ### Claude Authentication
The Anthropic API key must be in a `.env` file in the project root: Configure authentication in a `.env` file in the project root. Two options:
**Option 1: Claude Subscription (OAuth token)**
```bash ```bash
ANTHROPIC_API_KEY=sk-ant-... CLAUDE_CODE_OAUTH_TOKEN=sk-ant-oat01-...
```
The token can be extracted from `~/.claude/.credentials.json` if you're logged in to Claude Code.
**Option 2: Pay-per-use API Key**
```bash
ANTHROPIC_API_KEY=sk-ant-api03-...
``` ```
This file is automatically mounted into the container at `/workspace/env-dir/env` and sourced by the entrypoint script. This workaround is needed because Apple Container loses `-e` environment variables when using `-i` (interactive mode with piped stdin). The `.env` file is automatically mounted into the container at `/workspace/env-dir/env` and sourced by the entrypoint script. This workaround is needed because Apple Container loses `-e` environment variables when using `-i` (interactive mode with piped stdin).
### Changing the Assistant Name ### Changing the Assistant Name