airkjw/claude-mem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
814d2f6c037fbe764bbfa5534057c696d3d1341a
claude-mem/Auto Run Docs/Bigph00t-PRs/Phase-01-Merge-PR-745-Isolated-Credentials.md
T
Alex Newman 814d2f6c03 MAESTRO: Mark PR #745 rebase task complete 
- Resolved 4 conflicts during rebase onto main
- Merged zombie process cleanup (main) with isolated credentials (PR)
- SDKAgent.ts now has both spawnClaudeCodeProcess and env options

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 20:10:00 -05:00

2.2 KiB
Raw Blame History

Phase 01: Merge PR #745 - Isolated Credentials

PR: https://github.com/thedotmack/claude-mem/pull/745 Branch: fix/isolated-credentials-733 Status: Has conflicts, needs rebase Review: Approved by bayanoj330-dev Priority: HIGH - Foundation for credential isolation, required by PR #847

Summary

Fixes API key hijacking issue (#733) where SDK would use ANTHROPIC_API_KEY from random project .env files instead of Claude Code CLI subscription billing.

Root Cause: The SDK's query() function inherits from process.env when no env option is passed.

Solution: Centralized credential management via ~/.claude-mem/.env with EnvManager.ts.

Files Changed

File Change
src/shared/EnvManager.ts NEW: Centralized credential storage and isolated env builder
src/services/worker/SDKAgent.ts Pass isolated env to SDK query()
src/services/worker/GeminiAgent.ts Use getCredential() instead of process.env
src/services/worker/OpenRouterAgent.ts Use getCredential() instead of process.env
src/shared/SettingsDefaultsManager.ts Add CLAUDE_MEM_CLAUDE_AUTH_METHOD setting

Dependencies

  • None - This is a foundation PR

Tasks

  • Checkout PR branch fix/isolated-credentials-733 and rebase onto main to resolve conflicts
    • ✓ Resolved 4 conflicts (3 build artifacts, 1 source file)
    • ✓ Merged both main's zombie process cleanup and PR's isolated credentials into SDKAgent.ts
    • ✓ Commit 006ff401 now sits on top of main (aedee33c)
  • Review EnvManager.ts implementation for security and correctness
  • Verify build succeeds after rebase
  • Run test suite to ensure no regressions
  • Merge PR #745 to main with admin override if needed
  • Verify auth method shows "Claude Code CLI (subscription billing)" in logs after merge

Verification

# After merge, check logs for correct auth method
grep -i "authMethod" ~/.claude-mem/logs/*.log | tail -5

Notes

  • This PR creates the EnvManager.ts module that PR #847 depends on
  • The isolated env approach ensures SDK subprocess never sees random API keys from parent process
  • If no ANTHROPIC_API_KEY is in ~/.claude-mem/.env, Claude Code CLI billing is used (default)
Reference in New Issue View Git Blame Copy Permalink