feat(claude): add bounded host auth context#151
Merged
Conversation
Contributor
Author
|
Landed in Exact-head proof for
Canonical issue: #149. Duplicate #150 is closed as duplicate. |
Jercik
added a commit
to Jercik/clawpatch
that referenced
this pull request
Jul 5, 2026
Fork build on upstream 140b0ac carrying three local patches: 20-minute Claude timeout, OpenCode --variant reasoning effort, and the dist/cli.js executable-bit build step. Subscription auth now comes from upstream's CLAWPATCH_CLAUDE_AUTH_CONTEXT=host (openclaw#151) instead of a fork patch.
Jercik
added a commit
to Jercik/clawpatch
that referenced
this pull request
Jul 5, 2026
Fork build on upstream 140b0ac carrying four local patches: 20-minute Claude timeout, OpenCode --variant reasoning effort, the dist/cli.js executable-bit build step, and the USER keychain fix for host auth context. Subscription auth now comes from upstream's CLAWPATCH_CLAUDE_AUTH_CONTEXT=host (openclaw#151) instead of a fork patch.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
CLAWPATCH_CLAUDE_AUTH_CONTEXT=hostfor the configured Claude binary's login/setup-token context--safe-modeinstead of--barein host mode while retaining the scrubbed allowlist env, temp XDG/cache/data dirs, strict empty MCP config, tool limits, disabled slash commands, and disabled browser integrationauthentication_failed/is_error/ not-logged-in envelope without echoing arbitrary result or error textCloses #149.
Supersedes duplicate #150.
Security boundary
Host mode is opt-in and requires Claude Code 2.1.169+. It exposes only
HOME/USERPROFILE, optionalCLAUDE_CONFIG_DIR, the existing auth allowlist, andCLAUDE_CODE_OAUTH_TOKEN; it does not inherit the whole host environment. Unknown string errors remain redacted behindprovider-error; only the exact publicauthentication_failedcode is surfaced.The implementation follows Claude Code's current primary contracts: bare mode skips OAuth/keychain reads, safe mode was introduced in 2.1.169, and credential locations plus setup-token behavior are documented here.
Proof
pnpm vitest run src/provider.test.ts— 136 passedpnpm format:checkpnpm lintpnpm typecheckpnpm testpnpm buildpnpm pack:smokedist/cli.jshost-mode doctor passed an executable boundary probe that asserted safe mode, no bare mode, strict MCP/slash isolation, host auth locator, temp XDG, OAuth-token forwarding, and no unrelated env leakagedist/cli.jsagainst actual Claude Code 2.1.197 converted the current not-logged-in envelope into redacted provider-auth exit 4Risk: medium — explicit auth-boundary opt-in, default behavior unchanged.