feature: support for ~/.claude/settings.json

apps/server/src/lib/claude-settings.ts

@@ -0,0 +1,134 @@
+/**
+ * Shared utilities for reading and parsing ~/.claude/settings.json
+ *
+ * This file centralizes all logic related to the Claude settings file
+ * to avoid code duplication across multiple files.
+ */
+
+import fs from 'fs/promises';
+import path from 'path';
+import os from 'os';
+import { createLogger } from '@automaker/utils';
+
+const logger = createLogger('ClaudeSettings');
+
+export interface ClaudeSettings {
+  env?: Record<string, string>;
+  apiKey?: string;
+  api_key?: string;
+  oauthToken?: string;
+  oauth_token?: string;
+  primaryApiKey?: string;
+}
+
+/**
+ * Get the path to ~/.claude/settings.json
+ */
+export function getSettingsPath(): string {
+  return path.join(os.homedir(), '.claude', 'settings.json');
+}
+
+/**
+ * Load and parse ~/.claude/settings.json
+ * Returns null if file doesn't exist or is invalid
+ */
+export async function loadClaudeSettings(): Promise<ClaudeSettings | null> {
+  try {
+    const content = await fs.readFile(getSettingsPath(), 'utf-8');
+    return JSON.parse(content);
+  } catch (error: unknown) {
+    // It's fine if the file doesn't exist, but other errors should be logged
+    const nodeError = error as NodeJS.ErrnoException;
+    if (nodeError.code !== 'ENOENT') {
+      logger.error('Error reading or parsing ~/.claude/settings.json:', error);
+    }
+    return null;
+  }
+}
+
+/**
+ * Extract authentication token from settings
+ * Checks multiple locations in order of priority:
+ * 1. env.ANTHROPIC_AUTH_TOKEN - Claude Code format
+ * 2. oauthToken / oauth_token - root-level OAuth tokens
+ * 3. apiKey / api_key / primaryApiKey - root-level API keys
+ */
+export function extractAuthToken(settings: ClaudeSettings): string | null {
+  // Check env section (Claude Code format)
+  if (settings.env?.ANTHROPIC_AUTH_TOKEN) {
+    return settings.env.ANTHROPIC_AUTH_TOKEN;
+  }
+
+  // Check for OAuth tokens at root level
+  if (settings.oauthToken) {
+    return settings.oauthToken;
+  }
+  if (settings.oauth_token) {
+    return settings.oauth_token;
+  }
+
+  // Check for API keys at root level
+  if (settings.apiKey) {
+    return settings.apiKey;
+  }
+  if (settings.api_key) {
+    return settings.api_key;
+  }
+  if (settings.primaryApiKey) {
+    return settings.primaryApiKey;
+  }
+
+  return null;
+}
+
+/**
+ * Check if settings file exists and contains authentication
+ */
+export async function hasSettingsFileAuth(): Promise<boolean> {
+  const settings = await loadClaudeSettings();
+  return settings ? extractAuthToken(settings) !== null : false;
+}
+
+/**
+ * Get auth token from settings file
+ */
+export async function getSettingsFileToken(): Promise<string | null> {
+  const settings = await loadClaudeSettings();
+  return settings ? extractAuthToken(settings) : null;
+}
+
+/**
+ * Get the env section from settings file
+ * Returns null if file doesn't exist or has no env section
+ */
+export async function getSettingsEnv(): Promise<Record<string, string> | null> {
+  const settings = await loadClaudeSettings();
+  if (!settings) {
+    return null;
+  }
+
+  // Return the env section if it exists and has content
+  if (settings.env && typeof settings.env === 'object' && Object.keys(settings.env).length > 0) {
+    return settings.env;
+  }
+
+  // Build env from root-level tokens if no env section
+  const env: Record<string, string> = {};
+
+  // Check for OAuth tokens at root level
+  if (settings.oauthToken) {
+    env.ANTHROPIC_API_KEY = settings.oauthToken;
+  } else if (settings.oauth_token) {
+    env.ANTHROPIC_API_KEY = settings.oauth_token;
+  }
+  // Check for API keys at root level
+  else if (settings.apiKey) {
+    env.ANTHROPIC_API_KEY = settings.apiKey;
+  } else if (settings.api_key) {
+    env.ANTHROPIC_API_KEY = settings.api_key;
+  } else if (settings.primaryApiKey) {
+    env.ANTHROPIC_API_KEY = settings.primaryApiKey;
+  }
+
+  return Object.keys(env).length > 0 ? env : null;
+}

apps/server/src/providers/claude-provider.ts

@@ -3,6 +3,11 @@
  *
  * Wraps the @anthropic-ai/claude-agent-sdk for seamless integration
  * with the provider architecture.
+ *
+ * Supports authentication via:
+ * 1. ~/.claude/settings.json - Loads env variables from settings file
+ * 2. Claude CLI (via claude login) - uses OAuth tokens from ~/.claude/
+ * 3. Anthropic API Key - via ANTHROPIC_API_KEY env var or in-memory storage
  */
 
 import { query, type Options } from '@anthropic-ai/claude-agent-sdk';
@@ -13,6 +18,27 @@ import type {
   InstallationStatus,
   ModelDefinition,
 } from './types.js';
+import { getSettingsEnv, hasSettingsFileAuth } from '../lib/claude-settings.js';
+
+/**
+ * Helper to get Anthropic API key from in-memory storage.
+ * Used as fallback when no env var or settings file is available.
+ */
+function getInMemoryApiKey(): string | undefined {
+  // Try dynamic import of in-memory storage
+  try {
+    // Dynamic import to avoid circular dependency
+    const setupCommon = require('../routes/setup/common.js');
+    const apiKey = setupCommon.getApiKey?.('anthropic');
+    if (apiKey) {
+      return apiKey;
+    }
+  } catch {
+    // Setup routes not available
+  }
+
+  return undefined;
+}
 
 export class ClaudeProvider extends BaseProvider {
   getName(): string {
@@ -21,6 +47,9 @@ export class ClaudeProvider extends BaseProvider {
 
   /**
    * Execute a query using Claude Agent SDK
+   *
+   * Loads environment variables from ~/.claude/settings.json if available.
+   * This allows the SDK to use authentication tokens and other settings.
    */
   async *executeQuery(options: ExecuteOptions): AsyncGenerator<ProviderMessage> {
     const {
@@ -35,6 +64,46 @@ export class ClaudeProvider extends BaseProvider {
       sdkSessionId,
     } = options;
 
+    // Track original environment to restore later
+    const originalEnv: Record<string, string | undefined> = {};
+    const envKeysToRestore: string[] = [];
+
+    // Load settings from ~/.claude/settings.json
+    const settingsEnv = await getSettingsEnv();
+
+    // Set environment variables from settings file if available
+    if (settingsEnv) {
+      for (const [key, value] of Object.entries(settingsEnv)) {
+        // Save original value if it exists
+        if (key in process.env) {
+          originalEnv[key] = process.env[key];
+        }
+        envKeysToRestore.push(key);
+        // Set the environment variable
+        process.env[key] = value;
+      }
+      // Map ANTHROPIC_AUTH_TOKEN to ANTHROPIC_API_KEY if present
+      if (settingsEnv.ANTHROPIC_AUTH_TOKEN && !settingsEnv.ANTHROPIC_API_KEY) {
+        if ('ANTHROPIC_API_KEY' in process.env) {
+          originalEnv.ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;
+        }
+        if (!envKeysToRestore.includes('ANTHROPIC_API_KEY')) {
+          envKeysToRestore.push('ANTHROPIC_API_KEY');
+        }
+        process.env.ANTHROPIC_API_KEY = settingsEnv.ANTHROPIC_AUTH_TOKEN;
+      }
+    }
+
+    // If no API key env var is set yet (from settings or original env), try in-memory storage
+    if (!process.env.ANTHROPIC_API_KEY) {
+      const inMemoryApiKey = getInMemoryApiKey();
+      if (inMemoryApiKey) {
+        originalEnv.ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;
+        envKeysToRestore.push('ANTHROPIC_API_KEY');
+        process.env.ANTHROPIC_API_KEY = inMemoryApiKey;
+      }
+    }
+
     // Build Claude SDK options
     const defaultTools = ['Read', 'Write', 'Edit', 'Glob', 'Grep', 'Bash', 'WebSearch', 'WebFetch'];
     const toolsToUse = allowedTools || defaultTools;
@@ -92,6 +161,15 @@ export class ClaudeProvider extends BaseProvider {
     } catch (error) {
       console.error('[ClaudeProvider] executeQuery() error during execution:', error);
       throw error;
+    } finally {
+      // Restore original environment
+      for (const key of envKeysToRestore) {
+        if (originalEnv[key] !== undefined) {
+          process.env[key] = originalEnv[key];
+        } else {
+          delete process.env[key];
+        }
+      }
     }
   }
 
@@ -100,13 +178,25 @@ export class ClaudeProvider extends BaseProvider {
    */
   async detectInstallation(): Promise<InstallationStatus> {
     // Claude SDK is always available since it's a dependency
-    const hasApiKey = !!process.env.ANTHROPIC_API_KEY;
+    // Check for authentication from multiple sources
+    const hasEnvApiKey = !!process.env.ANTHROPIC_API_KEY;
+    const hasInMemoryApiKey = !!getInMemoryApiKey();
+    const hasSettingsAuth = await hasSettingsFileAuth();
+
+    // Authenticated if we have any auth source
+    const authenticated = hasEnvApiKey || hasInMemoryApiKey || hasSettingsAuth;
 
     const status: InstallationStatus = {
       installed: true,
       method: 'sdk',
-      hasApiKey,
-      authenticated: hasApiKey,
+      hasApiKey: hasEnvApiKey || hasInMemoryApiKey,
+      authenticated,
+      // Additional info about auth method
+      authMethod: hasSettingsAuth
+        ? 'settings_file'
+        : hasEnvApiKey || hasInMemoryApiKey
+          ? 'api_key'
+          : 'none',
     };
 
     return status;

apps/server/src/providers/types.ts

@@ -75,6 +75,7 @@ export interface InstallationStatus {
   method?: 'cli' | 'npm' | 'brew' | 'sdk';
   hasApiKey?: boolean;
   authenticated?: boolean;
+  authMethod?: 'settings_file' | 'api_key' | 'cli_authenticated' | 'oauth_token' | 'none';
   error?: string;
 }
 

apps/server/src/routes/setup/get-claude-status.ts

@@ -8,6 +8,7 @@ import os from 'os';
 import path from 'path';
 import fs from 'fs/promises';
 import { getApiKey } from './common.js';
+import { hasSettingsFileAuth } from '../../lib/claude-settings.js';
 
 const execAsync = promisify(exec);
 
@@ -90,13 +91,21 @@ export async function getClaudeStatus() {
     hasStoredOAuthToken: !!getApiKey('anthropic_oauth_token'),
     hasStoredApiKey: !!getApiKey('anthropic'),
     hasEnvApiKey: !!process.env.ANTHROPIC_API_KEY,
+    hasSettingsFileAuth: false, // NEW: Check for ~/.claude/settings.json with auth
     // Additional fields for detailed status
     oauthTokenValid: false,
     apiKeyValid: false,
     hasCliAuth: false,
     hasRecentActivity: false,
   };
 
+  // Check for ~/.claude/settings.json with auth token (highest priority for SDK usage)
+  auth.hasSettingsFileAuth = await hasSettingsFileAuth();
+  if (auth.hasSettingsFileAuth && !auth.authenticated) {
+    auth.authenticated = true;
+    auth.method = 'settings_file';
+  }
+
   const claudeDir = path.join(os.homedir(), '.claude');
 
   // Check for recent Claude CLI activity - indicates working authentication