refactor: route custom Anthropic endpoint through OneCLI vault
The original approach passed ANTHROPIC_AUTH_TOKEN into the container
as an env var and disabled the proxy for the custom host (NO_PROXY) —
which works, but bypasses OneCLI entirely for that credential. The
container holds the raw secret, the gateway loses audit/rotation, and
we lose the rest of the vault's protections for this cohort.
OneCLI-native version: store the token as a generic secret with header
injection (--header-name Authorization --value-format 'Bearer {value}'
+ host-pattern matching the base URL hostname). The container only
needs ANTHROPIC_BASE_URL plus a placeholder ANTHROPIC_AUTH_TOKEN — the
proxy rewrites the Authorization header on the wire.
setup/lib/setup-config.ts — adds --anthropic-auth-token alongside the
existing --anthropic-base-url.
setup/auto.ts — runAuthStep short-circuits the auth-method prompt when
both NANOCLAW_ANTHROPIC_BASE_URL and NANOCLAW_ANTHROPIC_AUTH_TOKEN are
set: creates the OneCLI generic secret, writes ANTHROPIC_BASE_URL to
.env (so the runtime reads it), and appends `import './claude.js';` to
src/providers/index.ts (so the provider only registers when the user
has configured a custom endpoint — no branching for everyone else).
src/providers/claude.ts — drops ANTHROPIC_AUTH_TOKEN/NO_PROXY
passthrough. Reads ANTHROPIC_BASE_URL from .env, sets a placeholder
ANTHROPIC_AUTH_TOKEN in container env so the SDK includes an
Authorization header for OneCLI to overwrite.
src/providers/index.ts — removes the unconditional import; setup
appends it on demand.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
gavrielc
@@ -1,16 +1,28 @@
|
||||
/**
|
||||
* Claude provider container config — only registered when the user has
|
||||
* configured a custom Anthropic-compatible endpoint via setup. Setup
|
||||
* appends `import './claude.js'` to providers/index.ts at that point;
|
||||
* standard installs hitting api.anthropic.com don't need this file
|
||||
* loaded.
|
||||
*
|
||||
* The real auth token never enters the container. Setup creates an
|
||||
* OneCLI generic secret (host-pattern = base URL hostname, header-name
|
||||
* = Authorization, value-format = "Bearer {value}") so the proxy
|
||||
* rewrites the Authorization header on the wire. The container only
|
||||
* needs:
|
||||
* - ANTHROPIC_BASE_URL — so the SDK knows where to call
|
||||
* - ANTHROPIC_AUTH_TOKEN=placeholder — so the SDK adds an
|
||||
* Authorization: Bearer header for OneCLI to overwrite
|
||||
*/
|
||||
import { readEnvFile } from '../env.js';
|
||||
import { registerProviderContainerConfig } from './provider-container-registry.js';
|
||||
|
||||
registerProviderContainerConfig('claude', () => {
|
||||
const dotenv = readEnvFile(['ANTHROPIC_BASE_URL', 'ANTHROPIC_AUTH_TOKEN', 'CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC']);
|
||||
const dotenv = readEnvFile(['ANTHROPIC_BASE_URL']);
|
||||
const env: Record<string, string> = {};
|
||||
if (dotenv.ANTHROPIC_BASE_URL) {
|
||||
env.ANTHROPIC_BASE_URL = dotenv.ANTHROPIC_BASE_URL;
|
||||
const host = new URL(dotenv.ANTHROPIC_BASE_URL).hostname;
|
||||
env.NO_PROXY = host;
|
||||
env.no_proxy = host;
|
||||
env.ANTHROPIC_AUTH_TOKEN = 'placeholder';
|
||||
}
|
||||
if (dotenv.ANTHROPIC_AUTH_TOKEN) env.ANTHROPIC_AUTH_TOKEN = dotenv.ANTHROPIC_AUTH_TOKEN;
|
||||
if (dotenv.CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC) env.CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC = dotenv.CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC;
|
||||
return { env };
|
||||
});
|
||||
|
||||
@@ -4,4 +4,3 @@
|
||||
// needs (claude, mock) don't appear here.
|
||||
//
|
||||
// Skills add a new provider by appending one import line below.
|
||||
import './claude.js';
|
||||
|
||||
Reference in New Issue
Block a user