Fix #1844: block background Claude delegated refresh and mcpOAuth-only keychain touch#1848
Conversation
|
Codex review: needs maintainer review before merge. Reviewed July 3, 2026, 3:32 PM ET / 19:32 UTC. Summary Reproducibility: yes. The current-main failure path is source-reproducible from an expired Claude-CLI-owned OAuth cache plus an MCP-only Review metrics: 3 noteworthy metrics.
Root-cause cluster Members:
Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything. Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Risk before merge
Maintainer options:
Next step before merge
Security Review detailsBest possible solution: Land this narrow fail-closed guard for the background browser-launch regression, and keep primary Claude Code OAuth storage discovery tracked separately. Do we have a high-confidence way to reproduce the issue? Yes. The current-main failure path is source-reproducible from an expired Claude-CLI-owned OAuth cache plus an MCP-only Is this the best way to solve the issue? Yes. The PR is the narrowest maintainable fix for the reported browser-launch regression because it blocks background delegation on a known-unsuccessful keychain shape while leaving user-initiated recovery intact. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 289ae204fa6b. Label changesLabel changes:
Label justifications:
Evidence reviewedAcceptance criteria:
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
267621d to
c854fdd
Compare
5242ed9 to
0c182d7
Compare
904cc7c to
d74f9e7
Compare
d74f9e7 to
b600ddd
Compare
Document macOS integration test results and provide an optional Keychain fixture E2E script for maintainer/reporter follow-up on PR steipete#1848. Co-authored-by: Cursor <cursoragent@cursor.com>
Rewrite verification proof and PR helper text for maintainer review, document MCP-only keychain behavior in claude.md, and add an Unreleased changelog entry for the Phase 1 fail-closed fix. Co-authored-by: Cursor <cursoragent@cursor.com>
|
🦞🧹 I asked ClawSweeper to review this item again. |
macOS verification (2026-07-03)Contributor verification for the Phase 1 guard in this PR. Full write-up: Environment: macOS arm64, Claude Code 2.1.193, branch Integration testsswift test --filter 'mcp O auth|delegated retry experimental|load with auto refresh expired claude CLI owner throws mcp'Result: 5/5 passed on macOS release-linked binaries.
Representative logs: No delegated CLI touch or Keychain fixture E2ENot completed in unattended automation (macOS Keychain write requires interactive approval). Optional follow-up on a machine with the reporter's keychain shape, or locally via: ./Scripts/verify_1844_live.shConclusionPhase 1 code paths are covered by macOS integration tests and demonstrate fail-closed behavior for MCP-only keychain payloads without background delegated CLI refresh. @clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
Keychain E2E verification (2026-07-03)Ran
Background
@clawsweeper re-review |
- Honor stored keychain prompt mode for delegated refresh when the experimental security CLI reader is active (fixes steipete#1844 browser launches) - Detect mcpOAuth-only Claude keychain payloads and fail fast without invoking claude /status - Split raw security CLI keychain read from parsed credential load - Align Linux delegated-refresh characterization with macOS suppression CI: all checks green on this commit (https://github.com/steipete/CodexBar/actions/runs/28618883443) Fixes steipete#1844 (partial) Co-authored-by: Yuxin Qiao <Yuxin-Qiao@users.noreply.github.com>
Document macOS integration test results and provide an optional Keychain fixture E2E script for maintainer/reporter follow-up on PR steipete#1848. Co-authored-by: Cursor <cursoragent@cursor.com>
Rewrite verification proof and PR helper text for maintainer review, document MCP-only keychain behavior in claude.md, and add an Unreleased changelog entry for the Phase 1 fail-closed fix. Co-authored-by: Cursor <cursoragent@cursor.com>
Move isMcpOAuthOnlyClaudeKeychainPayloadPresent out of the macOS-only security CLI reader block so CodexBarCLI compiles on Linux. Co-authored-by: Cursor <cursoragent@cursor.com>
Verifier hardening (2026-07-04)Polished
Docs: @clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0551c7963c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2d3830ae0b
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
2d3830a to
4289011
Compare
Maintainer exact-head verification (2026-07-03)Exact candidate:
This lands the browser-launch regression fix from #1844. Discovery of Claude Code 2.1.x's primary OAuth storage remains separately tracked by #1823. |
Summary
Fixes the background browser-launch regression in #1844: when Claude Code stores only MCP OAuth state in
Claude Code-credentials(noclaudeAiOauth), CodexBar no longer runs background delegatedclaude /statusrefresh—which can launch the default browser via/usr/bin/open.Scope: fail-closed safety guard for both keychain readers. Discovery of Claude Code 2.1.x's primary OAuth storage location remains tracked by #1823.
Problem
On Claude Code 2.1.x, the
Claude Code-credentialskeychain item may contain onlymcpOAuth. CodexBar then fails to parse Claude OAuth credentials, treats the session as expired, and may periodically attempt delegated CLI refresh. That path can open the user's default browser from the background.Contributing issues on
main:ClaudeOAuthKeychainPromptPreference.current(), which becomes.alwayswhen the experimental security CLI reader is active—soonlyOnUserActiondid not suppress background repair.claude /statuseven when the keychain shape could not succeed.Changes
securityCLIExperimental). Background refresh withonlyOnUserActionfails closed with existing user-action guidance instead of callingclaude /status.ClaudeOAuthCredentialsError.mcpOAuthOnlyKeychain, skip delegated CLI touch, and fail fast during expired Claude CLI credential load.readRawClaudeKeychainPayloadViaSecurityCLIIfEnabledvs parsed credential load./usr/bin/securityreader can target a disposable keychain only while all general keychain access is disabled.Scripts/verify_1844_live.shcombines that keychain with disposableHOME,CFFIXED_USER_HOME, credentials, config, and a syntheticclaudefixture that distinguishes benign CLI discovery from/statustouch.Tests
Verification
docs/verify-1844-proof.mdCodexBar.appand packagedCodexBarCLIisolated live proofmake check, 45-shardmake test, and autoreview on the local portCommands
Fixes #1844. Primary OAuth storage discovery remains tracked by #1823.