#13484: feat(auth): restore Claude Code CLI OAuth credential sync
commands
agents
stale
Cluster: Auth Improvements and Fixes
Re-adds Claude Code CLI integration that was removed in upstream commit 526303d9a. This restores the ability to authenticate using an existing Claude Code subscription (Claude Pro/Max) instead of manually pasting setup-tokens.
Changes:
- Re-add Claude CLI credential sync in external-cli-sync.ts
- Re-add bidirectional token refresh write-back in oauth.ts
- Re-add "Claude Code CLI" auth option in onboarding UI
- Re-add claude-cli auth handler in auth-choice.apply.anthropic.ts
- Remove claude-cli deprecation warning in doctor-auth.ts
- Pass allowKeychainPrompt options through store.ts
<!-- greptile_comment -->
<h2>Greptile Overview</h2>
<h3>Greptile Summary</h3>
This PR restores Claude Code CLI credential syncing for Anthropic auth by:
- syncing Claude CLI credentials into the auth profile store on load (`external-cli-sync.ts` / `store.ts`)
- writing refreshed Anthropic OAuth credentials back into Claude CLI storage during token refresh (`oauth.ts`)
- exposing a new onboarding auth choice (`claude-cli`) and updating hints in the auth-choice UI
- removing the prior “Claude CLI is deprecated” doctor warning
Key integration points are the auth store load/sync layer and the OAuth refresh path; both now interact with `cli-credentials.ts` for reading/writing Claude CLI credentials.
<h3>Confidence Score: 2/5</h3>
- Not safe to merge as-is due to a confirmed doctor-flow regression and likely macOS Keychain prompt behavior in non-auth commands.
- The doctor deprecated-profile removal logic is internally inconsistent (and contradicts its unit test), and the auth store load path can trigger Keychain prompts unexpectedly on macOS because `allowKeychainPrompt` isn’t plumbed through `loadAuthProfileStore()`. Both are concrete, user-visible issues that should be fixed before merge.
- src/commands/doctor-auth.ts, src/agents/auth-profiles/store.ts
<!-- /greptile_comment -->
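The Keychain concern raised in the review, as an added TypeScript sketch (not code from this PR or the project): the store loader forwards `allowKeychainPrompt` to the CLI credential reader, so only a caller that opts in can reach the Keychain. Every name except `allowKeychainPrompt` is hypothetical, and the default-deny behaviour, the Keychain-before-file order, and the expiry comparison are assumptions.

```typescript
// Added illustration; all names except allowKeychainPrompt are hypothetical.
interface OAuthCred { access: string; refresh: string; expires: number }
interface SyncOptions { allowKeychainPrompt?: boolean }
interface CliSource {
  readFile(): OAuthCred | null;     // plain credentials file, never prompts
  readKeychain(): OAuthCred | null; // assumed to be able to raise an OS prompt
}
type Store = Record<string, OAuthCred>;

const PROFILE = "anthropic:claude-cli"; // constructed profile id

// Read external CLI credentials; touch the Keychain only on explicit opt-in.
function readCliCredentials(src: CliSource, opts: SyncOptions = {}): OAuthCred | null {
  if (opts.allowKeychainPrompt === true) {
    const fromKeychain = src.readKeychain();
    if (fromKeychain) return fromKeychain;
  }
  return src.readFile();
}

// Copy CLI credentials into the store only when they outlive the stored ones.
function syncExternalCli(store: Store, src: CliSource, opts: SyncOptions = {}): boolean {
  const ext = readCliCredentials(src, opts);
  if (!ext) return false;
  const cur = store[PROFILE];
  if (cur && cur.expires >= ext.expires) return false; // keep the fresher token
  store[PROFILE] = { ...ext };
  return true;
}

// Loader entry point: the caller's options are passed through unchanged,
// so a status or doctor style command that passes nothing cannot prompt.
function loadStore(persisted: Store, src: CliSource, opts: SyncOptions = {}): Store {
  const store: Store = { ...persisted };
  syncExternalCli(store, src, opts);
  return store;
}

// Constructed credential source that counts Keychain reads.
function makeSource(file: OAuthCred | null, keychain: OAuthCred | null) {
  const calls = { keychain: 0 };
  const src: CliSource = {
    readFile: () => file,
    readKeychain: () => { calls.keychain++; return keychain; },
  };
  return { src, calls };
}
```

Counting `readKeychain` calls in a unit test, as `makeSource` does, is one way to catch a load path that reaches the Keychain without the caller asking for it.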
Most Similar PRs
#2123: fix(auth): sync from Claude CLI keychain before OAuth refresh
by jorge123255 · 2026-01-26
86.2%
#7523: fix(auth): re-sync external CLI credentials on token revocation
by codeslayer44 · 2026-02-02
83.8%
#10492: fix(auth): store Anthropic setup-token as type:oauth for auto-refresh
by sparck75 · 2026-02-06
82.9%
#3196: docs: clarify auth-profiles.json format for Claude Max setup-tokens
by aadeina · 2026-01-28
79.8%
#8469: fix(auth): detect actual keychain account name when writing Claude ...
by adam-smeth · 2026-02-04
79.5%
#4550: fix: sync google-gemini-cli-auth tokens from external CLI (#3803)
by SalimBinYousuf1 · 2026-01-30
79.1%
#6400: fix: set correct mode for Anthropic OAuth auth (#2697)
by coupclawbot · 2026-02-01
78.1%
#21518: feat(auth): add Anthropic OAuth token refresh and fix external CLI ...
by maxtongwang · 2026-02-20
77.8%
#10961: feat: Support routingHint and improve URL routing for Anthropic (Cl...
by catveloper · 2026-02-07
77.1%
#8729: feat(auth): sync OpenAI Codex CLI credentials into auth store
by thosvesta · 2026-02-04
76.0%