MAESTRO: Mark PR #745 rebase task complete
- Resolved 4 conflicts during rebase onto main - Merged zombie process cleanup (main) with isolated credentials (PR) - SDKAgent.ts now has both spawnClaudeCodeProcess and env options Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Alex Newman
@@ -0,0 +1,54 @@
|
|||||||
|
# Phase 01: Merge PR #745 - Isolated Credentials
|
||||||
|
|
||||||
|
**PR:** https://github.com/thedotmack/claude-mem/pull/745
|
||||||
|
**Branch:** `fix/isolated-credentials-733`
|
||||||
|
**Status:** Has conflicts, needs rebase
|
||||||
|
**Review:** Approved by bayanoj330-dev
|
||||||
|
**Priority:** HIGH - Foundation for credential isolation, required by PR #847
|
||||||
|
|
||||||
|
## Summary
|
||||||
|
|
||||||
|
Fixes API key hijacking issue (#733) where SDK would use `ANTHROPIC_API_KEY` from random project `.env` files instead of Claude Code CLI subscription billing.
|
||||||
|
|
||||||
|
**Root Cause:** The SDK's `query()` function inherits from `process.env` when no `env` option is passed.
|
||||||
|
|
||||||
|
**Solution:** Centralized credential management via `~/.claude-mem/.env` with `EnvManager.ts`.
|
||||||
|
|
||||||
|
## Files Changed
|
||||||
|
|
||||||
|
| File | Change |
|
||||||
|
|------|--------|
|
||||||
|
| `src/shared/EnvManager.ts` | NEW: Centralized credential storage and isolated env builder |
|
||||||
|
| `src/services/worker/SDKAgent.ts` | Pass isolated env to SDK `query()` |
|
||||||
|
| `src/services/worker/GeminiAgent.ts` | Use `getCredential()` instead of `process.env` |
|
||||||
|
| `src/services/worker/OpenRouterAgent.ts` | Use `getCredential()` instead of `process.env` |
|
||||||
|
| `src/shared/SettingsDefaultsManager.ts` | Add `CLAUDE_MEM_CLAUDE_AUTH_METHOD` setting |
|
||||||
|
|
||||||
|
## Dependencies
|
||||||
|
|
||||||
|
- **None** - This is a foundation PR
|
||||||
|
|
||||||
|
## Tasks
|
||||||
|
|
||||||
|
- [x] Checkout PR branch `fix/isolated-credentials-733` and rebase onto main to resolve conflicts
|
||||||
|
- ✓ Resolved 4 conflicts (3 build artifacts, 1 source file)
|
||||||
|
- ✓ Merged both main's zombie process cleanup and PR's isolated credentials into SDKAgent.ts
|
||||||
|
- ✓ Commit 006ff401 now sits on top of main (aedee33c)
|
||||||
|
- [ ] Review `EnvManager.ts` implementation for security and correctness
|
||||||
|
- [ ] Verify build succeeds after rebase
|
||||||
|
- [ ] Run test suite to ensure no regressions
|
||||||
|
- [ ] Merge PR #745 to main with admin override if needed
|
||||||
|
- [ ] Verify auth method shows "Claude Code CLI (subscription billing)" in logs after merge
|
||||||
|
|
||||||
|
## Verification
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# After merge, check logs for correct auth method
|
||||||
|
grep -i "authMethod" ~/.claude-mem/logs/*.log | tail -5
|
||||||
|
```
|
||||||
|
|
||||||
|
## Notes
|
||||||
|
|
||||||
|
- This PR creates the `EnvManager.ts` module that PR #847 depends on
|
||||||
|
- The isolated env approach ensures SDK subprocess never sees random API keys from parent process
|
||||||
|
- If no `ANTHROPIC_API_KEY` is in `~/.claude-mem/.env`, Claude Code CLI billing is used (default)
|
||||||
Reference in New Issue
Block a user