Skip to content

Fix Claude startup keychain pre-alert and single prompt flow#311

Closed
ratulsarna wants to merge 4 commits intomainfrom
fix-double-keychain-prompt-startup
Closed

Fix Claude startup keychain pre-alert and single prompt flow#311
ratulsarna wants to merge 4 commits intomainfrom
fix-double-keychain-prompt-startup

Conversation

@ratulsarna
Copy link
Collaborator

Summary

  • Fixes Claude OAuth startup bootstrap keychain flow so pre-alert is shown deterministically before startup keychain access.
  • Keeps startup to a single interactive keychain attempt per load invocation.
  • Removes startup pre-alert dependence on preflight outcome to avoid missing pre-alerts on setups where no-UI reads can still trigger system prompts.
  • Preserves background sync behavior from fix(claude): sync OAuth cache on keychain changes #305 (no changes to sync policy/gating).

Root cause

On some macOS/keychain setups, the first no-UI keychain read can still present the system prompt.
Our previous logic showed the in-app pre-alert only when transitioning to the interactive fallback path, so users could still see a system prompt without any pre-alert.

Changes

  • Sources/CodexBarCore/Providers/Claude/ClaudeOAuth/ClaudeOAuthCredentials.swift
    • Introduces bootstrap-specific keychain read helper flow with:
      • pre-alert shown before startup keychain access
      • silent-first read retained
      • at-most-one interactive attempt per bootstrap load
    • Adds focused startup diagnostics (silent success, interactive transition, interactive failure).
  • Tests/CodexBarTests/ClaudeOAuthCredentialsStoreTests.swift
    • Updates/adds tests for:
      • pre-alert shown before startup keychain access
      • pre-alert on interactive transition
      • pre-alert behavior independent of preflight outcome
      • at-most-one interactive attempt per bootstrap load

Validation

  • swift test
  • swift test --filter ClaudeOAuthCredentialsStoreTests
  • pnpm check
  • ./Scripts/compile_and_run.sh

@ratulsarna
Copy link
Collaborator Author

Closing this PR for now. After end-to-end validation, this branch did not deliver deterministic Claude keychain UX (we still observed repeated startup prompts and inconsistent pre-alert behavior), and it added substantial complexity without a net reliability gain. We have moved back to main and updated keychain documentation to reflect current behavior. We can revisit with a narrower, fresh design if we choose to tackle this again.

@ratulsarna ratulsarna closed this Feb 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant