claudebox/.planning/phases/04-auth-passthrough/04-DISCUSSION-LOG.md

Phase 4: Auth Passthrough - Discussion Log

Audit trail only. Do not use as input to planning, research, or execution agents. Decisions captured in CONTEXT.md — this log preserves the Q&A.

Date: 2026-04-10
Phase: 04-auth-passthrough
Mode: discuss
Areas discussed: Missing credentials fallback, Audit display, API key + OAuth coexistence, Which credential files


Areas Discussed

Missing credentials fallback

| Question | Options | Selected |
|---|---|---|
| What should happen if ~/.claude/.credentials.json doesn't exist on the host? | Skip silently / Warn in audit / Hard error | Skip silently |

Rationale: No credentials = no subscription access inside sandbox. Claude will prompt to log in. No need to warn or error.


Audit display

| Question | Options | Selected |
|---|---|---|
| Should the credential mount appear in the pre-launch env audit? | Show in audit / Silent | Show in audit |

User input: Requested a broader audit redesign — three sections (env, mounts, network), unified env var list with color + prefix-based categorization. Not just a minimal mount line.

| Question | Options | Selected |
|---|---|---|
| Fold audit redesign into Phase 4 or defer? | Fold into Phase 4 / Phase 4 shows mount only | Fold into Phase 4 |

Rationale: Phase 4 already touches the audit; doing the full redesign avoids a half-done audit screen.

| Question | Options | Selected |
|---|---|---|
| Color scheme for unified env var list? | Green/Yellow/Cyan / Green/Yellow/Magenta / You decide | Green/Yellow/Cyan + accessibility prefixes |

User input: Requested accessibility prefixes alongside colors: [~] sandbox-generated, [>] host allowlisted, [+] user-configured.

| Question | Options | Selected |
|---|---|---|
| Prefix characters? | [S]/[H]/[U] / [~]/[>]/[+] / You decide | [~] / [>] / [+] |

API key + OAuth coexistence

| Question | Options | Selected |
|---|---|---|
| When ANTHROPIC_API_KEY is set, still mount credentials? | Always mount if credentials exist / Skip mount when API key is set | Always mount if credentials exist |

Rationale: Simpler logic. Claude Code handles precedence internally.


Which credential files

| Question | Options | Selected |
|---|---|---|
| Which auth files to mount? | .credentials.json only / Entire ~/.claude / credentials.json + .oauth-token | .credentials.json only |

Rationale: Minimal surface. Other ~/.claude contents belong to Phase 5 (instance isolation).


Corrections Made

None — all selections were user-confirmed choices.

Scope Notes

  • Audit redesign (three sections, color + prefix) folded into Phase 4 scope at user request.
  • Network section in audit is a placeholder in Phase 4 — Phase 6 makes it dynamic.
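
A sketch of how the decisions recorded above fit together, added here as an illustration and not taken from claudebox's own code: the single-file credential mount with its silent skip, and the three-section audit with the chosen prefixes. The sandbox target path, the color-to-category mapping, the names-only env listing, and the sample variable names are assumptions.

```python
import tempfile
from pathlib import Path

# Assumed in-sandbox home; the log does not name the target path.
SANDBOX_HOME = Path("/home/sandbox")
PREFIX = {"sandbox": "[~]", "host": "[>]", "user": "[+]"}  # prefixes chosen in the log
COLOR = {"sandbox": "32", "host": "33", "user": "36"}  # assumed green/yellow/cyan mapping


def credential_mount(host_home):
    """Return (source, target) for .credentials.json, or None when it is absent.

    A missing file is skipped without warning or error. The function never
    consults ANTHROPIC_API_KEY, so the mount happens whenever the file exists,
    and nothing else under ~/.claude is ever selected.
    """
    src = Path(host_home) / ".claude" / ".credentials.json"
    if not src.is_file():
        return None
    return (src, SANDBOX_HOME / ".claude" / ".credentials.json")


def render_audit(env_sources, mount, color=False):
    """Build the three-section audit; env_sources maps variable name -> category.

    Only names are listed (an assumption), so secret values never reach the terminal.
    """
    lines = ["Environment"]
    for name in sorted(env_sources):
        cat = env_sources[name]
        text = f"{PREFIX[cat]} {name}"
        lines.append(f"  \033[{COLOR[cat]}m{text}\033[0m" if color else f"  {text}")
    lines.append("Mounts")
    lines.append(f"  {mount[0]} -> {mount[1]}" if mount else "  (none)")
    lines += ["Network", "  (placeholder)"]  # static in Phase 4 per the scope notes
    return lines


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:  # constructed host home
        (Path(home) / ".claude").mkdir()
        (Path(home) / ".claude" / ".credentials.json").write_text("{}")
        # Constructed variable names, one per category.
        env = {"ANTHROPIC_API_KEY": "user", "TERM": "host", "SANDBOX_ID": "sandbox"}
        print("\n".join(render_audit(env, credential_mount(home))))
```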