fix(anthropic): API-key path skips OAuth autodiscovery + prunes stale entries

When the user picks 'Anthropic API key' at `hermes setup` (vs 'Claude Pro/Max subscription'), `save_anthropic_api_key()` writes ANTHROPIC_API_KEY to ~/.hermes/.env and zeros ANTHROPIC_TOKEN. That env-var pattern is the user's explicit choice of auth method — API key, not OAuth. But the anthropic credential pool's autodiscovery (_seed_from_singletons) unconditionally read ~/.claude/.credentials.json from the Claude Code CLI and any saved hermes_pkce creds, and added them to the SAME anthropic pool as the user's API key. Two problems: 1. Even with the API key at higher priority, a 401/429 on the API key would rotate the session onto an autodiscovered OAuth credential, silently flipping the agent into the Claude Code masquerade mid-conversation: 'You are Claude Code' system block, every tool renamed to mcp_*, claude-cli User-Agent header. 2. Switching OAuth → API key at `hermes setup` cleared the env vars but left previously-seeded OAuth entries dormant in auth.json, where rotation could revive them. The user picking the API-key path is explicitly opting OUT of the masquerade. Mixing OAuth credentials into their pool defeats that choice. Fix: in `_seed_from_singletons` for provider='anthropic', detect the API-key path (ANTHROPIC_API_KEY set in env, no OAuth env var set) and: - Skip calling read_claude_code_credentials() and read_hermes_oauth_credentials() entirely - Prune any stale hermes_pkce / claude_code entries that may already be in the on-disk pool OAuth-path users (ANTHROPIC_TOKEN set) are unaffected — autodiscovery continues to fire as before. Tests: 3 new regression tests (api-key skips autodiscovery, api-key prunes stale entries, oauth path still autodiscovers). Full file 70/70.
2026-06-07 08:02:23 +00:00 · 2026-05-25 15:28:01 -07:00 · 2026-05-25 15:28:01 -07:00 · e3236e99a4
commit e3236e99a4
parent 2c6bbaf352
2 changed files with 186 additions and 0 deletions
--- a/agent/credential_pool.py
+++ b/agent/credential_pool.py
@ -1527,6 +1527,48 @@ def _seed_from_singletons(provider: str, entries: List[PooledCredential]) -> Tup
        except ImportError:
            pass

+        # API-key vs OAuth is a user-visible choice at `hermes setup` ("Claude
+        # Pro/Max subscription" vs "Anthropic API key").  The signal that the
+        # user picked the API-key path is: ANTHROPIC_API_KEY set in the env,
+        # AND no OAuth env vars set — `save_anthropic_api_key()` writes the
+        # API key and zeros ANTHROPIC_TOKEN; `save_anthropic_oauth_token()`
+        # does the inverse.  When that signal is present we MUST NOT seed
+        # autodiscovered OAuth tokens (~/.claude/.credentials.json from the
+        # Claude Code CLI, hermes_pkce creds from a previous OAuth login)
+        # into the anthropic pool — otherwise rotation on a 401/429 silently
+        # flips the session onto an OAuth credential, which forces the Claude
+        # Code identity injection, `mcp_` tool-name rewrite, and claude-cli
+        # User-Agent header (`agent/anthropic_adapter.py:2128`).  Users who
+        # explicitly opted into the API-key path are explicitly opting OUT of
+        # that masquerade.  Prefer ~/.hermes/.env over os.environ for the
+        # same reason `_seed_from_env` does — that's the authoritative file
+        # that `hermes setup` writes.
+        _env_file = load_env()
+
+        def _env_val(key: str) -> str:
+            return (_env_file.get(key) or os.environ.get(key) or "").strip()
+
+        anthropic_api_key = _env_val("ANTHROPIC_API_KEY")
+        anthropic_oauth_env = (
+            _env_val("ANTHROPIC_TOKEN") or _env_val("CLAUDE_CODE_OAUTH_TOKEN")
+        )
+        api_key_path_explicit = bool(anthropic_api_key and not anthropic_oauth_env)
+
+        if api_key_path_explicit:
+            # Prune any stale autodiscovered OAuth entries that may have been
+            # seeded into the on-disk pool during a previous OAuth session.
+            # Without this, switching OAuth -> API key at setup leaves the
+            # OAuth entries dormant in auth.json forever and rotation on a
+            # transient 401 could revive them.
+            retained = [
+                entry for entry in entries
+                if entry.source not in {"hermes_pkce", "claude_code"}
+            ]
+            if len(retained) != len(entries):
+                entries[:] = retained
+                changed = True
+            return changed, active_sources
+
        from agent.anthropic_adapter import read_claude_code_credentials, read_hermes_oauth_credentials

        for source_name, creds in (