Document Claude multi-account architecture #1812
Codex review: needs maintainer review before merge. Reviewed July 1, 2026, 7:12 AM ET / 11:12 UTC.
Summary
Reproducibility: not applicable. This is a docs-only decision proposal rather than a broken runtime behavior report. Source inspection is sufficient to verify the architecture statements it makes.
Review metrics: 2 noteworthy metrics.
Merge readiness
Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.
Risk before merge
Maintainer options:
Next step before merge
Security
Review details
Best possible solution: Land this as a decision record if maintainers accept the read-only claude-swap Phase 1 boundary, then implement #1756 and #1268 in narrow follow-up PRs.
Do we have a high-confidence way to reproduce the issue? Not applicable; this is a docs-only decision proposal rather than a broken runtime behavior report. Source inspection is sufficient to verify the architecture statements it makes.
Is this the best way to solve the issue? Yes; after the OAuth-scope correction, a docs-first decision record is the narrowest maintainable way to settle the auth/status-item direction without changing runtime behavior.
AGENTS.md: found and applied where relevant.
Codex review notes: model internal, reasoning high; reviewed against 129f6962e6c3.
Label changes:
Label justifications:
Evidence reviewed
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.
How this review workflow works
Addressed the OAuth isolation finding in commit
The decision record now states that #1776 prevents CLI-runtime usage refreshes from delegating credential repair, while app and user-initiated repair remain available:
Validation:
@clawsweeper re-review
🦞🧹 I asked ClawSweeper to review this item again.
Exact-head CI proof for the decision record:
Attempts 2 and 3 were externally cancelled while macOS jobs were queued/running; their logs contained no test assertion failure. The cancelled-job-only rerun completed the same frozen head without a source change.
The PR remains open intentionally: CI and automated review are clean, but the read-only
Summary
claude-swap v0.15 adapter for durable multi-subscription usage
This is a decision document only. It intentionally does not add credential storage, account switching, an external dependency, or product behavior.
Recommendation
cswap --list --json integration as Phase 1.
--switch-to until a separate explicit-action product/auth review.
Architecture and overlap evidence
ProviderTokenAccount model has one token and no refresh/expiry fields.
StatusItemIdentity and status-item storage remain provider-scoped.
--list --json output contract.
Validation
make check
Refs #1756
Refs #1268
Follow-up to #1811