eeymoo/claw-code
1
0
Fork 0
mirror of https://github.com/instructkr/claw-code.git synced 2026-04-12 11:04:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Align auth docs with the removed login/logout surface

Browse Source 
The ROADMAP #37 code path was correct, but the Rust and usage guides still
advertised `claw login` / `claw logout` and OAuth-login wording after the
command surface had been removed. This follow-up updates both docs to point
users at `ANTHROPIC_API_KEY` or `ANTHROPIC_AUTH_TOKEN` only and removes the
stale command examples.

Constraint: Prior follow-up review rejected the closeout until user-facing auth docs matched the landed behavior
Rejected: Leave docs stale because runtime behavior was already correct | contradicts shipped CLI and re-opens support confusion
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: When auth policy changes, update both rust/README.md and USAGE.md in the same change as the code surface
Tested: cargo fmt --all --check; cargo clippy --workspace --all-targets -- -D warnings; cargo test --workspace
Not-tested: External rendered-doc consumers beyond repository markdown
This commit is contained in:
Yeachan-Heo
2026-04-11 17:28:47 +00:00
parent 124e8661ed
commit 0082bf1640
2 changed files with 11 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
USAGE.md
View File

@@ -21,7 +21,7 @@ cargo build --workspace
- Rust toolchain with `cargo` - Rust toolchain with `cargo`
- One of: - One of:
- `ANTHROPIC_API_KEY` for direct API access - `ANTHROPIC_API_KEY` for direct API access
- `claw login` for OAuth-based auth - `ANTHROPIC_AUTH_TOKEN` for bearer-token auth
- Optional: `ANTHROPIC_BASE_URL` when targeting a proxy or local service - Optional: `ANTHROPIC_BASE_URL` when targeting a proxy or local service
## Install / build the workspace ## Install / build the workspace
@@ -105,8 +105,7 @@ export ANTHROPIC_API_KEY="sk-ant-..."
```bash ```bash
cd rust cd rust
./target/debug/claw login export ANTHROPIC_AUTH_TOKEN="anthropic-oauth-or-proxy-bearer-token"
./target/debug/claw logout
``` ```
### Which env var goes where ### Which env var goes where
@@ -116,7 +115,7 @@ cd rust
| Credential shape | Env var | HTTP header | Typical source | | Credential shape | Env var | HTTP header | Typical source |
|---|---|---|---| |---|---|---|---|
| `sk-ant-*` API key | `ANTHROPIC_API_KEY` | `x-api-key: sk-ant-...` | [console.anthropic.com](https://console.anthropic.com) | | `sk-ant-*` API key | `ANTHROPIC_API_KEY` | `x-api-key: sk-ant-...` | [console.anthropic.com](https://console.anthropic.com) |
| OAuth access token (opaque) | `ANTHROPIC_AUTH_TOKEN` | `Authorization: Bearer ...` | `claw login` or an Anthropic-compatible proxy that mints Bearer tokens | | OAuth access token (opaque) | `ANTHROPIC_AUTH_TOKEN` | `Authorization: Bearer ...` | an Anthropic-compatible proxy or OAuth flow that mints bearer tokens |
| OpenRouter key (`sk-or-v1-*`) | `OPENAI_API_KEY` + `OPENAI_BASE_URL=https://openrouter.ai/api/v1` | `Authorization: Bearer ...` | [openrouter.ai/keys](https://openrouter.ai/keys) | | OpenRouter key (`sk-or-v1-*`) | `OPENAI_API_KEY` + `OPENAI_BASE_URL=https://openrouter.ai/api/v1` | `Authorization: Bearer ...` | [openrouter.ai/keys](https://openrouter.ai/keys) |
**Why this matters:** if you paste an `sk-ant-*` key into `ANTHROPIC_AUTH_TOKEN`, Anthropic's API will return `401 Invalid bearer token` because `sk-ant-*` keys are rejected over the Bearer header. The fix is a one-line env var swap — move the key to `ANTHROPIC_API_KEY`. Recent `claw` builds detect this exact shape (401 + `sk-ant-*` in the Bearer slot) and append a hint to the error message pointing at the fix. **Why this matters:** if you paste an `sk-ant-*` key into `ANTHROPIC_AUTH_TOKEN`, Anthropic's API will return `401 Invalid bearer token` because `sk-ant-*` keys are rejected over the Bearer header. The fix is a one-line env var swap — move the key to `ANTHROPIC_API_KEY`. Recent `claw` builds detect this exact shape (401 + `sk-ant-*` in the Bearer slot) and append a hint to the error message pointing at the fix.
@@ -125,7 +124,7 @@ cd rust
## Local Models ## Local Models
`claw` can talk to local servers and provider gateways through either Anthropic-compatible or OpenAI-compatible endpoints. Use `ANTHROPIC_BASE_URL` with `ANTHROPIC_AUTH_TOKEN` for Anthropic-compatible services, or `OPENAI_BASE_URL` with `OPENAI_API_KEY` for OpenAI-compatible services. OAuth is Anthropic-only, so when `OPENAI_BASE_URL` is set you should use API-key style auth instead of `claw login`. `claw` can talk to local servers and provider gateways through either Anthropic-compatible or OpenAI-compatible endpoints. Use `ANTHROPIC_BASE_URL` with `ANTHROPIC_AUTH_TOKEN` for Anthropic-compatible services, or `OPENAI_BASE_URL` with `OPENAI_API_KEY` for OpenAI-compatible services.
### Anthropic-compatible endpoint ### Anthropic-compatible endpoint
@@ -192,7 +191,7 @@ Reasoning variants (`qwen-qwq-*`, `qwq-*`, `*-thinking`) automatically strip `te
| Provider | Protocol | Auth env var(s) | Base URL env var | Default base URL | | Provider | Protocol | Auth env var(s) | Base URL env var | Default base URL |
|---|---|---|---|---| |---|---|---|---|---|
| **Anthropic** (direct) | Anthropic Messages API | `ANTHROPIC_API_KEY` or `ANTHROPIC_AUTH_TOKEN` or OAuth (`claw login`) | `ANTHROPIC_BASE_URL` | `https://api.anthropic.com` | | **Anthropic** (direct) | Anthropic Messages API | `ANTHROPIC_API_KEY` or `ANTHROPIC_AUTH_TOKEN` | `ANTHROPIC_BASE_URL` | `https://api.anthropic.com` |
| **xAI** | OpenAI-compatible | `XAI_API_KEY` | `XAI_BASE_URL` | `https://api.x.ai/v1` | | **xAI** | OpenAI-compatible | `XAI_API_KEY` | `XAI_BASE_URL` | `https://api.x.ai/v1` |
| **OpenAI-compatible** | OpenAI Chat Completions | `OPENAI_API_KEY` | `OPENAI_BASE_URL` | `https://api.openai.com/v1` | | **OpenAI-compatible** | OpenAI Chat Completions | `OPENAI_API_KEY` | `OPENAI_BASE_URL` | `https://api.openai.com/v1` |
| **DashScope** (Alibaba) | OpenAI-compatible | `DASHSCOPE_API_KEY` | `DASHSCOPE_BASE_URL` | `https://dashscope.aliyuncs.com/compatible-mode/v1` | | **DashScope** (Alibaba) | OpenAI-compatible | `DASHSCOPE_API_KEY` | `DASHSCOPE_BASE_URL` | `https://dashscope.aliyuncs.com/compatible-mode/v1` |

14
rust/README.md
View File

@@ -34,10 +34,10 @@ export ANTHROPIC_API_KEY="sk-ant-..."
export ANTHROPIC_BASE_URL="https://your-proxy.com" export ANTHROPIC_BASE_URL="https://your-proxy.com"
``` ```
Or authenticate via OAuth and let the CLI persist credentials locally: Or provide an OAuth bearer token directly:
```bash ```bash
cargo run -p rusty-claude-cli -- login export ANTHROPIC_AUTH_TOKEN="anthropic-oauth-or-proxy-bearer-token"
``` ```
## Mock parity harness ## Mock parity harness
@@ -80,7 +80,7 @@ Primary artifacts:
| Feature | Status | | Feature | Status |
|---------|--------| |---------|--------|
| Anthropic / OpenAI-compatible provider flows + streaming | ✅ | | Anthropic / OpenAI-compatible provider flows + streaming | ✅ |
| OAuth login/logout | ✅ | | Direct bearer-token auth via `ANTHROPIC_AUTH_TOKEN` | ✅ |
| Interactive REPL (rustyline) | ✅ | | Interactive REPL (rustyline) | ✅ |
| Tool system (bash, read, write, edit, grep, glob) | ✅ | | Tool system (bash, read, write, edit, grep, glob) | ✅ |
| Web tools (search, fetch) | ✅ | | Web tools (search, fetch) | ✅ |
@@ -141,8 +141,6 @@ Top-level commands:
mcp mcp
skills skills
system-prompt system-prompt
login
logout
init init
``` ```
@@ -159,8 +157,8 @@ Tab completion expands slash commands, model aliases, permission modes, and rece
The REPL now exposes a much broader surface than the original minimal shell: The REPL now exposes a much broader surface than the original minimal shell:
- session / visibility: `/help`, `/status`, `/sandbox`, `/cost`, `/resume`, `/session`, `/version`, `/usage`, `/stats` - session / visibility: `/help`, `/status`, `/sandbox`, `/cost`, `/resume`, `/session`, `/version`, `/usage`, `/stats`
- workspace / git: `/compact`, `/clear`, `/config`, `/memory`, `/init`, `/diff`, `/commit`, `/pr`, `/issue`, `/export`, `/hooks`, `/files`, `/branch`, `/release-notes`, `/add-dir` - workspace / git: `/compact`, `/clear`, `/config`, `/memory`, `/init`, `/diff`, `/commit`, `/pr`, `/issue`, `/export`, `/hooks`, `/files`, `/release-notes`
- discovery / debugging: `/mcp`, `/agents`, `/skills`, `/doctor`, `/tasks`, `/context`, `/desktop`, `/ide` - discovery / debugging: `/mcp`, `/agents`, `/skills`, `/doctor`, `/tasks`, `/context`, `/desktop`
- automation / analysis: `/review`, `/advisor`, `/insights`, `/security-review`, `/subagent`, `/team`, `/telemetry`, `/providers`, `/cron`, and more - automation / analysis: `/review`, `/advisor`, `/insights`, `/security-review`, `/subagent`, `/team`, `/telemetry`, `/providers`, `/cron`, and more
- plugin management: `/plugin` (with aliases `/plugins`, `/marketplace`) - plugin management: `/plugin` (with aliases `/plugins`, `/marketplace`)
@@ -194,7 +192,7 @@ rust/
### Crate Responsibilities ### Crate Responsibilities
- **api** — provider clients, SSE streaming, request/response types, auth (API key + OAuth bearer), request-size/context-window preflight - **api** — provider clients, SSE streaming, request/response types, auth (`ANTHROPIC_API_KEY` + bearer-token support), request-size/context-window preflight
- **commands** — slash command definitions, parsing, help text generation, JSON/text command rendering - **commands** — slash command definitions, parsing, help text generation, JSON/text command rendering
- **compat-harness** — extracts tool/prompt manifests from upstream TS source - **compat-harness** — extracts tool/prompt manifests from upstream TS source
- **mock-anthropic-service** — deterministic `/v1/messages` mock for CLI parity tests and local harness runs - **mock-anthropic-service** — deterministic `/v1/messages` mock for CLI parity tests and local harness runs