fix: use centralized credentials from ~/.claude-mem/.env to prevent API key hijacking (#733)
This fixes Issue #733 where claude-mem would incorrectly use ANTHROPIC_API_KEY from random project .env files instead of the user's configured Claude Code CLI subscription. Root cause: The SDK's `query()` function inherits from `process.env` when no `env` option is passed. When users work in projects with their own .env files containing API keys, the SDK would discover and use those keys, billing the wrong account. Solution: Centralized credential management via ~/.claude-mem/.env Changes: - Add EnvManager.ts: Centralized credential storage and isolated env builder - SDKAgent: Pass isolated env to SDK query() that only includes credentials from ~/.claude-mem/.env, not random keys from process.env inheritance - GeminiAgent/OpenRouterAgent: Use getCredential() instead of process.env fallback - SettingsDefaultsManager: Add CLAUDE_MEM_CLAUDE_AUTH_METHOD setting ('cli' | 'api') How it works: 1. buildIsolatedEnv() creates a clean environment with only essential system vars (PATH, HOME, etc.) and credentials explicitly configured in ~/.claude-mem/.env 2. SDK subprocess runs with this isolated env, never seeing random API keys 3. If no ANTHROPIC_API_KEY is in ~/.claude-mem/.env, Claude Code CLI billing is used 4. Same pattern applied to Gemini/OpenRouter agents for consistency This ensures claude-mem always uses the user's intended billing method, regardless of what .env files exist in their working directory. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
bigphoot
@@ -17,6 +17,7 @@ import { logger } from '../../utils/logger.js';
|
||||
import { buildInitPrompt, buildObservationPrompt, buildSummaryPrompt, buildContinuationPrompt } from '../../sdk/prompts.js';
|
||||
import { SettingsDefaultsManager } from '../../shared/SettingsDefaultsManager.js';
|
||||
import { USER_SETTINGS_PATH, OBSERVER_SESSIONS_DIR, ensureDir } from '../../shared/paths.js';
|
||||
import { buildIsolatedEnv, getAuthMethodDescription } from '../../shared/EnvManager.js';
|
||||
import type { ActiveSession, SDKUserMessage } from '../worker-types.js';
|
||||
import { ModeManager } from '../domain/ModeManager.js';
|
||||
import { processAgentResponse, type WorkerRef } from './agents/index.js';
|
||||
@@ -76,13 +77,20 @@ export class SDKAgent {
|
||||
// NEVER use contentSessionId for resume - that would inject messages into the user's transcript!
|
||||
const hasRealMemorySessionId = !!session.memorySessionId;
|
||||
|
||||
// Build isolated environment from ~/.claude-mem/.env
|
||||
// This prevents Issue #733: random ANTHROPIC_API_KEY from project .env files
|
||||
// being used instead of the configured auth method (CLI subscription or explicit API key)
|
||||
const isolatedEnv = buildIsolatedEnv();
|
||||
const authMethod = getAuthMethodDescription();
|
||||
|
||||
logger.info('SDK', 'Starting SDK query', {
|
||||
sessionDbId: session.sessionDbId,
|
||||
contentSessionId: session.contentSessionId,
|
||||
memorySessionId: session.memorySessionId,
|
||||
hasRealMemorySessionId,
|
||||
resume_parameter: hasRealMemorySessionId ? session.memorySessionId : '(none - fresh start)',
|
||||
lastPromptNumber: session.lastPromptNumber
|
||||
lastPromptNumber: session.lastPromptNumber,
|
||||
authMethod
|
||||
});
|
||||
|
||||
// Debug-level alignment logs for detailed tracing
|
||||
@@ -103,6 +111,7 @@ export class SDKAgent {
|
||||
// Use custom spawn to capture PIDs for zombie process cleanup (Issue #737)
|
||||
// Use dedicated cwd to isolate observer sessions from user's `claude --resume` list
|
||||
ensureDir(OBSERVER_SESSIONS_DIR);
|
||||
// CRITICAL: Pass isolated env to prevent Issue #733 (API key pollution from project .env files)
|
||||
const queryResult = query({
|
||||
prompt: messageGenerator,
|
||||
options: {
|
||||
@@ -118,7 +127,8 @@ export class SDKAgent {
|
||||
abortController: session.abortController,
|
||||
pathToClaudeCodeExecutable: claudePath,
|
||||
// Custom spawn function captures PIDs to fix zombie process accumulation
|
||||
spawnClaudeCodeProcess: createPidCapturingSpawn(session.sessionDbId)
|
||||
spawnClaudeCodeProcess: createPidCapturingSpawn(session.sessionDbId),
|
||||
env: isolatedEnv // Use isolated credentials from ~/.claude-mem/.env, not process.env
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user