@efoo/ccprofile 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -3
- package/dist/lib/envrc.js +0 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -104,7 +104,6 @@ macOS Keychain service "ccprofile", one entry per profile (the sec
|
|
|
104
104
|
# profile: work
|
|
105
105
|
_ccprofile_token="$(security find-generic-password -w -s 'ccprofile' -a 'work' 2>/dev/null)"
|
|
106
106
|
export ANTHROPIC_AUTH_TOKEN="$_ccprofile_token"
|
|
107
|
-
unset CLAUDE_CODE_OAUTH_TOKEN
|
|
108
107
|
unset _ccprofile_token
|
|
109
108
|
# <<< ccprofile managed <<<
|
|
110
109
|
```
|
|
@@ -113,7 +112,6 @@ Notes:
|
|
|
113
112
|
|
|
114
113
|
- Tokens are written to the Keychain via `security -i` (stdin), so secrets never appear in `ps` output.
|
|
115
114
|
- The `.envrc` block is **self-contained**: direnv re-evaluates it on every directory entry, and it must stay fast and dependency-free. ccprofile is only needed for CRUD operations.
|
|
116
|
-
- Claude Code v2.1.199 treats `CLAUDE_CODE_OAUTH_TOKEN` as suitable for SDK/non-interactive automation, but interactive TUI sessions still consult `/login` account policy and quota. ccprofile therefore injects the same setup-token as `ANTHROPIC_AUTH_TOKEN`, which the interactive TUI uses as the active bearer token.
|
|
117
115
|
- Add `.envrc` to your project's `.gitignore` — it is machine-local.
|
|
118
116
|
|
|
119
117
|
## Limitations — the price of parallel accounts
|
|
@@ -123,7 +121,7 @@ ccprofile is built on `claude setup-token`, whose long-lived tokens are **delibe
|
|
|
123
121
|
- **No account identity introspection.** The token cannot answer "whose token is this?" — the OAuth profile endpoint rejects it (`user:profile` scope missing, see [#11985](https://github.com/anthropics/claude-code/issues/11985)). The `--email` you record is a self-declared label, not verified.
|
|
124
122
|
*Verify identity once, at registration time:* make sure the browser is logged into the intended claude.ai account before `claude setup-token`, then send a couple of prompts from a linked directory and confirm on claude.ai (web) that the intended account's usage moved.
|
|
125
123
|
- **`/status` → Usage tab shows no plan utilization** in token-authenticated sessions (same scope restriction). Check usage on claude.ai instead.
|
|
126
|
-
- **Remote Control is unavailable** in
|
|
124
|
+
- **Remote Control is unavailable** in linked directories. Claude Code treats `ANTHROPIC_AUTH_TOKEN` sessions as API-key authentication, while Remote Control requires claude.ai subscription authentication.
|
|
127
125
|
- **Tokens last up to 1 year but can die earlier** (password change, logout-all). The recorded expiry is a hint, not a guarantee — `ccprofile doctor` probes the server and tells live tokens apart from revoked ones.
|
|
128
126
|
- **Routing only applies to shell-launched processes.** direnv activates the token when a hooked shell enters the directory; apps launched outside a hooked shell (GUI launchers) bypass it.
|
|
129
127
|
- **Cloud provider auth wins silently.** Bedrock/Vertex/Foundry env vars outrank `ANTHROPIC_AUTH_TOKEN`; `ccprofile doctor` flags them.
|
package/dist/lib/envrc.js
CHANGED
|
@@ -14,7 +14,6 @@ export function renderBlock(profile, service, account) {
|
|
|
14
14
|
`# profile: ${profile}`,
|
|
15
15
|
`_ccprofile_token="$(security find-generic-password -w -s '${service}' -a '${account}' 2>/dev/null)"`,
|
|
16
16
|
`export ANTHROPIC_AUTH_TOKEN="$_ccprofile_token"`,
|
|
17
|
-
`unset CLAUDE_CODE_OAUTH_TOKEN`,
|
|
18
17
|
`unset _ccprofile_token`,
|
|
19
18
|
END,
|
|
20
19
|
"",
|
package/package.json
CHANGED