airkjw/claude-mem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MAESTRO: Mark PR #745 rebase task complete

Browse Source 
- Resolved 4 conflicts during rebase onto main
- Merged zombie process cleanup (main) with isolated credentials (PR)
- SDKAgent.ts now has both spawnClaudeCodeProcess and env options

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Alex Newman
2026-02-04 20:10:00 -05:00
parent 006ff40175
commit 814d2f6c03
1 changed files with 54 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Auto Run Docs/Bigph00t-PRs/Phase-01-Merge-PR-745-Isolated-Credentials.md
+54
View File
@@ -0,0 +1,54 @@
# Phase 01: Merge PR #745 - Isolated Credentials
**PR:** https://github.com/thedotmack/claude-mem/pull/745
**Branch:** `fix/isolated-credentials-733`
**Status:** Has conflicts, needs rebase
**Review:** Approved by bayanoj330-dev
**Priority:** HIGH - Foundation for credential isolation, required by PR #847
## Summary
Fixes API key hijacking issue (#733) where SDK would use `ANTHROPIC_API_KEY` from random project `.env` files instead of Claude Code CLI subscription billing.
**Root Cause:** The SDK's `query()` function inherits from `process.env` when no `env` option is passed.
**Solution:** Centralized credential management via `~/.claude-mem/.env` with `EnvManager.ts`.
## Files Changed
| File | Change |
|------|--------|
| `src/shared/EnvManager.ts` | NEW: Centralized credential storage and isolated env builder |
| `src/services/worker/SDKAgent.ts` | Pass isolated env to SDK `query()` |
| `src/services/worker/GeminiAgent.ts` | Use `getCredential()` instead of `process.env` |
| `src/services/worker/OpenRouterAgent.ts` | Use `getCredential()` instead of `process.env` |
| `src/shared/SettingsDefaultsManager.ts` | Add `CLAUDE_MEM_CLAUDE_AUTH_METHOD` setting |
## Dependencies
- **None** - This is a foundation PR
## Tasks
- [x] Checkout PR branch `fix/isolated-credentials-733` and rebase onto main to resolve conflicts
- ✓ Resolved 4 conflicts (3 build artifacts, 1 source file)
- ✓ Merged both main's zombie process cleanup and PR's isolated credentials into SDKAgent.ts
- ✓ Commit 006ff401 now sits on top of main (aedee33c)
- [ ] Review `EnvManager.ts` implementation for security and correctness
- [ ] Verify build succeeds after rebase
- [ ] Run test suite to ensure no regressions
- [ ] Merge PR #745 to main with admin override if needed
- [ ] Verify auth method shows "Claude Code CLI (subscription billing)" in logs after merge
## Verification
```bash
# After merge, check logs for correct auth method
grep -i "authMethod" ~/.claude-mem/logs/*.log | tail -5
```
## Notes
- This PR creates the `EnvManager.ts` module that PR #847 depends on
- The isolated env approach ensures SDK subprocess never sees random API keys from parent process
- If no `ANTHROPIC_API_KEY` is in `~/.claude-mem/.env`, Claude Code CLI billing is used (default)