From d25b79a5a97a750a09d610e91e355ca2c49abbb7 Mon Sep 17 00:00:00 2001 From: NanoClaw Date: Thu, 26 Mar 2026 13:17:07 +0000 Subject: [PATCH] docs: add auth credentials guidance to main group CLAUDE.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Clarify that only long-lived OAuth tokens (claude setup-token) or API keys should be used — short-lived tokens from the keychain expire within hours and cause recurring 401s. Also update native credential proxy skill to swap the OneCLI reference when applied. Co-Authored-By: Claude Opus 4.6 (1M context) --- .claude/skills/use-native-credential-proxy/SKILL.md | 10 ++++++++++ groups/main/CLAUDE.md | 4 ++++ 2 files changed, 14 insertions(+) diff --git a/.claude/skills/use-native-credential-proxy/SKILL.md b/.claude/skills/use-native-credential-proxy/SKILL.md index 4cdda4c..71448b1 100644 --- a/.claude/skills/use-native-credential-proxy/SKILL.md +++ b/.claude/skills/use-native-credential-proxy/SKILL.md @@ -64,6 +64,16 @@ This merges in: If the merge reports conflicts beyond `package-lock.json`, resolve them by reading the conflicted files and understanding the intent of both sides. +### Update main group CLAUDE.md + +Replace the OneCLI auth reference with the native proxy: + +In `groups/main/CLAUDE.md`, replace: +> OneCLI manages credentials (including Anthropic auth) — run `onecli --help`. + +with: +> The native credential proxy manages credentials (including Anthropic auth) via `.env` — see `src/credential-proxy.ts`. + ### Validate code changes ```bash diff --git a/groups/main/CLAUDE.md b/groups/main/CLAUDE.md index 6080427..17b39cb 100644 --- a/groups/main/CLAUDE.md +++ b/groups/main/CLAUDE.md @@ -77,6 +77,10 @@ Standard Markdown: `**bold**`, `*italic*`, `[links](url)`, `# headings`. This is the **main channel**, which has elevated privileges. +## Authentication + +Anthropic credentials must be either an API key from console.anthropic.com (`ANTHROPIC_API_KEY`) or a long-lived OAuth token from `claude setup-token` (`CLAUDE_CODE_OAUTH_TOKEN`). Short-lived tokens from the system keychain or `~/.claude/.credentials.json` expire within hours and can cause recurring container 401s. The `/setup` skill walks through this. OneCLI manages credentials (including Anthropic auth) — run `onecli --help`. + ## Container Mounts Main has read-only access to the project and read-write access to its group folder: