Pause blocked background Claude CLI auth probes#2163
Conversation
|
Codex review: needs real behavior proof before merge. Reviewed July 15, 2026, 11:49 PM ET / July 16, 2026, 03:49 UTC. Summary Reproducibility: no. current broken-state reproduction is available, but pre-fix packaged-app logs attribute the prompt to the delegated Claude CLI security subprocess and current source clearly repeats that preflight after timeout. The original machine was repaired before the patched bundle could be exercised against the same state. Review metrics: 3 noteworthy metrics.
Root-cause cluster Members:
Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything. Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Proof guidance:
Risk before merge
Maintainer options:
Next step before merge
Maintainer decision needed
Security Review detailsBest possible solution: Adopt one coherent Claude background-auth policy that honors onlyOnUserAction before opaque CLI subprocesses start, retains coalescing and a short bounded cooldown only as defense-in-depth where background probes remain allowed, and validates prompt suppression plus explicit recovery in a packaged app. Do we have a high-confidence way to reproduce the issue? No current broken-state reproduction is available, but pre-fix packaged-app logs attribute the prompt to the delegated Claude CLI security subprocess and current source clearly repeats that preflight after timeout. The original machine was repaired before the patched bundle could be exercised against the same state. Is this the best way to solve the issue? Unclear: the cooldown is a bounded mitigation and preserves recovery paths, but enforcing the existing onlyOnUserAction policy before opaque subprocesses start is a more direct prevention path; maintainers should define how the two approaches compose. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against d661c1c37d00. Label changesLabel justifications:
Evidence reviewedWhat I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
Review history (5 earlier review cycles)
|
b154b41 to
dbe477e
Compare
|
@clawsweeper re-review |
|
🦞🧹 I asked ClawSweeper to review this item again. Re-review progress:
|
|
Proof/status clarification for the current head
A fresh ClawSweeper review has been requested for the current head. |
|
Thank you @axhoff for the decisive With #2191 and #2195 now merged, the known background CLI preflight, delegated refresh, MCP-only discovery, and startup-bootstrap prompt routes are policy-blocked before they can launch under the default user-action-only policy. That makes the persisted 15-minute cooldown gate in this PR likely unnecessary. I’m keeping this PR open for now. If any background Claude auth probing still survives in the next release, a useful rescope would be just the probe-outcome classification/coalescing piece, without the persisted cooldown policy. Fresh release-build evidence from the surviving path would make that narrower follow-up easy to evaluate. |
Summary
claude auth status --jsonprobes instead of collapsing every result tofalse;loggedIn: falseresults are not cooled down, user-initiated/explicit CLI fetches and CLI runtime bypass the app-background gate, and successful auth/fetch paths clear the cooldown;Root cause and scope
In #2115, packaged-app unified logs identify
/usr/bin/securityas the process requestingClaude Code-credentials. That is the delegated Claude CLI path: CodexBar launchesclaude auth status --json, Claude invokessecurity, the modal prompt prevents the preflight from completing, CodexBar times it out after five seconds, and the next background refresh starts the cycle again.This complements #2137, which guards CodexBar's direct in-process Security.framework read for MCP-only credentials. It does not cover the child-process
/usr/bin/securityrequester seen here. #2102 repairs a different missing-credentials-file state, while #1742 introduced the auth-status preflight involved in this loop.The patch does not read, modify, or delete Keychain credentials and does not alter Claude authentication. The only persisted value is the cooldown expiry timestamp in
UserDefaults.Tests
swift test --filter ClaudeCLIAuthswift test --filter ClaudeBaselineCharacterizationTestsswift test --filter ClaudeCLIAuthPreflightGateTests— 4/4 passed, including persistence reload/expirymake check— passed (SwiftFormat and SwiftLint clean)make testwas also run locally. It progressed through the first nine groups, then stopped in the unrelatedClaudeOAuthCredentialsStoreCLIStorageOwnershipTests, which detected the host's real Claude credential/keychain state; the PR-focused and characterization suites above are green, and CI remains the clean-environment signal.Addresses #2115.
Diagnostic evidence: #2115 (comment)
Related: #2137, #2102, #1742