hermes-agent/tests/agent/test_anthropic_keychain.py
Chaz Dinkle 1dde7e2f2a fix(anthropic): adopt Claude Code's already-refreshed token before racing refresh
Claude Code OAuth refresh tokens are single-use; Claude Code refreshes on
its own schedule, so by the time Hermes notices an expired token Claude
Code may have already rotated it. Re-read live credential sources first and
adopt a valid token rather than POSTing a possibly-stale refresh token.

Ports the _refresh_oauth_token hardening from PR #40107 (chazmaniandinkle)
on top of the keychain/file reconciliation from PR #21112 (nodejun).
Adds AUTHOR_MAP entry for nodejun.
2026-06-27 19:14:43 -07:00

337 lines
15 KiB
Python

"""Tests for Bug #12905 fixes in agent/anthropic_adapter.py — macOS Keychain support."""
import json
from unittest.mock import patch, MagicMock
from agent.anthropic_adapter import (
_read_claude_code_credentials_from_keychain,
read_claude_code_credentials,
_refresh_oauth_token,
)
class TestReadClaudeCodeCredentialsFromKeychain:
"""Bug 4: macOS Keychain support for Claude Code >=2.1.114."""
def test_returns_none_on_linux(self):
"""Keychain reading is Darwin-only; must return None on other platforms."""
with patch("agent.anthropic_adapter.platform.system", return_value="Linux"):
assert _read_claude_code_credentials_from_keychain() is None
def test_returns_none_on_windows(self):
with patch("agent.anthropic_adapter.platform.system", return_value="Windows"):
assert _read_claude_code_credentials_from_keychain() is None
def test_returns_none_when_security_command_not_found(self):
"""OSError from missing security binary must be handled gracefully."""
with patch("agent.anthropic_adapter.platform.system", return_value="Darwin"), \
patch("agent.anthropic_adapter.subprocess.run",
side_effect=OSError("security not found")):
assert _read_claude_code_credentials_from_keychain() is None
def test_returns_none_on_nonzero_exit_code(self):
"""security returns non-zero when the Keychain entry doesn't exist."""
with patch("agent.anthropic_adapter.platform.system", return_value="Darwin"), \
patch("agent.anthropic_adapter.subprocess.run") as mock_run:
mock_run.return_value = MagicMock(returncode=1, stdout="", stderr="")
assert _read_claude_code_credentials_from_keychain() is None
def test_returns_none_for_empty_stdout(self):
with patch("agent.anthropic_adapter.platform.system", return_value="Darwin"), \
patch("agent.anthropic_adapter.subprocess.run") as mock_run:
mock_run.return_value = MagicMock(returncode=0, stdout="", stderr="")
assert _read_claude_code_credentials_from_keychain() is None
def test_returns_none_for_non_json_payload(self):
with patch("agent.anthropic_adapter.platform.system", return_value="Darwin"), \
patch("agent.anthropic_adapter.subprocess.run") as mock_run:
mock_run.return_value = MagicMock(returncode=0, stdout="not valid json", stderr="")
assert _read_claude_code_credentials_from_keychain() is None
def test_returns_none_when_password_field_is_missing_claude_ai_oauth(self):
with patch("agent.anthropic_adapter.platform.system", return_value="Darwin"), \
patch("agent.anthropic_adapter.subprocess.run") as mock_run:
mock_run.return_value = MagicMock(
returncode=0,
stdout=json.dumps({"someOtherService": {"accessToken": "tok"}}),
stderr="",
)
assert _read_claude_code_credentials_from_keychain() is None
def test_returns_none_when_access_token_is_empty(self):
with patch("agent.anthropic_adapter.platform.system", return_value="Darwin"), \
patch("agent.anthropic_adapter.subprocess.run") as mock_run:
mock_run.return_value = MagicMock(
returncode=0,
stdout=json.dumps({"claudeAiOauth": {"accessToken": "", "refreshToken": "x"}}),
stderr="",
)
assert _read_claude_code_credentials_from_keychain() is None
def test_parses_valid_keychain_entry(self):
with patch("agent.anthropic_adapter.platform.system", return_value="Darwin"), \
patch("agent.anthropic_adapter.subprocess.run") as mock_run:
mock_run.return_value = MagicMock(
returncode=0,
stdout=json.dumps({
"claudeAiOauth": {
"accessToken": "kc-access-token-abc",
"refreshToken": "kc-refresh-token-xyz",
"expiresAt": 9999999999999,
}
}),
stderr="",
)
creds = _read_claude_code_credentials_from_keychain()
assert creds is not None
assert creds["accessToken"] == "kc-access-token-abc"
assert creds["refreshToken"] == "kc-refresh-token-xyz"
assert creds["expiresAt"] == 9999999999999
assert creds["source"] == "macos_keychain"
class TestReadClaudeCodeCredentialsPriority:
"""Bug 4: Keychain must be checked before the JSON file."""
def test_keychain_takes_priority_over_json_file(self, tmp_path, monkeypatch):
"""When both Keychain and JSON file have credentials, Keychain wins."""
# Set up JSON file with "older" token
json_cred_file = tmp_path / ".claude" / ".credentials.json"
json_cred_file.parent.mkdir(parents=True)
json_cred_file.write_text(json.dumps({
"claudeAiOauth": {
"accessToken": "json-token",
"refreshToken": "json-refresh",
"expiresAt": 9999999999999,
}
}))
monkeypatch.setattr("agent.anthropic_adapter.Path.home", lambda: tmp_path)
# Mock Keychain to return a "newer" token
with patch("agent.anthropic_adapter.platform.system", return_value="Darwin"), \
patch("agent.anthropic_adapter.subprocess.run") as mock_run:
mock_run.return_value = MagicMock(
returncode=0,
stdout=json.dumps({
"claudeAiOauth": {
"accessToken": "keychain-token",
"refreshToken": "keychain-refresh",
"expiresAt": 9999999999999,
}
}),
stderr="",
)
creds = read_claude_code_credentials()
# Keychain token should be returned, not JSON file token
assert creds is not None
assert creds["accessToken"] == "keychain-token"
assert creds["source"] == "macos_keychain"
def test_falls_back_to_json_when_keychain_returns_none(self, tmp_path, monkeypatch):
"""When Keychain has no entry, JSON file is used as fallback."""
json_cred_file = tmp_path / ".claude" / ".credentials.json"
json_cred_file.parent.mkdir(parents=True)
json_cred_file.write_text(json.dumps({
"claudeAiOauth": {
"accessToken": "json-fallback-token",
"refreshToken": "json-refresh",
"expiresAt": 9999999999999,
}
}))
monkeypatch.setattr("agent.anthropic_adapter.Path.home", lambda: tmp_path)
with patch("agent.anthropic_adapter.platform.system", return_value="Darwin"), \
patch("agent.anthropic_adapter.subprocess.run") as mock_run:
# Simulate Keychain entry not found
mock_run.return_value = MagicMock(returncode=1, stdout="", stderr="")
creds = read_claude_code_credentials()
assert creds is not None
assert creds["accessToken"] == "json-fallback-token"
assert creds["source"] == "claude_code_credentials_file"
def test_returns_none_when_neither_keychain_nor_json_has_creds(self, tmp_path, monkeypatch):
"""No credentials anywhere — must return None cleanly."""
monkeypatch.setattr("agent.anthropic_adapter.Path.home", lambda: tmp_path)
with patch("agent.anthropic_adapter.platform.system", return_value="Darwin"), \
patch("agent.anthropic_adapter.subprocess.run") as mock_run:
mock_run.return_value = MagicMock(returncode=1, stdout="", stderr="")
creds = read_claude_code_credentials()
assert creds is None
class TestReadClaudeCodeCredentialsDesync:
"""Reconciliation when Keychain and JSON file disagree.
Observed in the wild on Claude Code 2.1.x: a refresh updates one source
(commonly the JSON file) but leaves the other holding an expired token.
The reader must not blindly return whichever source it consulted first;
it must prefer the non-expired credential.
"""
# Far-future ms-epoch — comfortably valid under is_claude_code_token_valid.
_FRESH = 9_999_999_999_999
# Past ms-epoch — comfortably expired (with the 60s buffer).
_EXPIRED = 1
def _setup(self, tmp_path, monkeypatch, *, file_expires_at, file_token="json-token"):
json_cred_file = tmp_path / ".claude" / ".credentials.json"
json_cred_file.parent.mkdir(parents=True)
json_cred_file.write_text(json.dumps({
"claudeAiOauth": {
"accessToken": file_token,
"refreshToken": "json-refresh",
"expiresAt": file_expires_at,
}
}))
monkeypatch.setattr("agent.anthropic_adapter.Path.home", lambda: tmp_path)
def _keychain_payload(self, *, access_token, expires_at, refresh_token="kc-refresh"):
return MagicMock(
returncode=0,
stdout=json.dumps({
"claudeAiOauth": {
"accessToken": access_token,
"refreshToken": refresh_token,
"expiresAt": expires_at,
}
}),
stderr="",
)
def test_keychain_expired_file_fresh_returns_file(self, tmp_path, monkeypatch):
"""Regression: when the Keychain holds an expired token but the JSON
file has a valid one, callers must receive the valid file token rather
than None. (Pre-fix behavior returned the expired Keychain token, and
downstream validity checks then yielded None — surfacing the misleading
``No Anthropic credentials found`` error.)
"""
self._setup(tmp_path, monkeypatch, file_expires_at=self._FRESH, file_token="fresh-file-token")
with patch("agent.anthropic_adapter.platform.system", return_value="Darwin"), \
patch("agent.anthropic_adapter.subprocess.run") as mock_run:
mock_run.return_value = self._keychain_payload(
access_token="stale-keychain-token", expires_at=self._EXPIRED,
)
creds = read_claude_code_credentials()
assert creds is not None
assert creds["accessToken"] == "fresh-file-token"
assert creds["source"] == "claude_code_credentials_file"
def test_keychain_fresh_file_expired_returns_keychain(self, tmp_path, monkeypatch):
"""Mirror case: file is the stale source; Keychain wins on validity."""
self._setup(tmp_path, monkeypatch, file_expires_at=self._EXPIRED, file_token="stale-file-token")
with patch("agent.anthropic_adapter.platform.system", return_value="Darwin"), \
patch("agent.anthropic_adapter.subprocess.run") as mock_run:
mock_run.return_value = self._keychain_payload(
access_token="fresh-keychain-token", expires_at=self._FRESH,
)
creds = read_claude_code_credentials()
assert creds is not None
assert creds["accessToken"] == "fresh-keychain-token"
assert creds["source"] == "macos_keychain"
def test_both_valid_prefers_later_expiry_when_file_is_fresher(self, tmp_path, monkeypatch):
"""When both are valid, the one with the later ``expiresAt`` wins so
that any subsequent refresh uses the freshest ``refresh_token``.
"""
self._setup(tmp_path, monkeypatch, file_expires_at=self._FRESH, file_token="newer-file-token")
with patch("agent.anthropic_adapter.platform.system", return_value="Darwin"), \
patch("agent.anthropic_adapter.subprocess.run") as mock_run:
mock_run.return_value = self._keychain_payload(
access_token="older-keychain-token", expires_at=self._FRESH - 1_000_000,
)
creds = read_claude_code_credentials()
assert creds is not None
assert creds["accessToken"] == "newer-file-token"
def test_both_expired_prefers_later_expiry(self, tmp_path, monkeypatch):
"""When both are expired, return the one with the later ``expiresAt``;
its ``refresh_token`` is the most recently issued and most likely to
succeed at the OAuth refresh endpoint.
"""
self._setup(tmp_path, monkeypatch, file_expires_at=self._EXPIRED + 5, file_token="newer-expired-file")
with patch("agent.anthropic_adapter.platform.system", return_value="Darwin"), \
patch("agent.anthropic_adapter.subprocess.run") as mock_run:
mock_run.return_value = self._keychain_payload(
access_token="older-expired-keychain", expires_at=self._EXPIRED,
)
creds = read_claude_code_credentials()
assert creds is not None
assert creds["accessToken"] == "newer-expired-file"
class TestRefreshOAuthTokenAdoptsFreshCredential:
"""``_refresh_oauth_token`` should adopt a credential Claude Code has
already refreshed rather than POSTing a (possibly already-rotated)
single-use refresh token and racing Claude Code into ``invalid_grant``.
"""
_FRESH = 9_999_999_999_999
def test_adopts_already_refreshed_token_without_posting(self, monkeypatch):
"""When a live source already holds a valid token, return it and skip
the network refresh entirely.
"""
fresh = {
"accessToken": "already-refreshed-token",
"refreshToken": "live-refresh",
"expiresAt": self._FRESH,
}
monkeypatch.setattr(
"agent.anthropic_adapter.read_claude_code_credentials",
lambda: fresh,
)
def _should_not_be_called(*args, **kwargs): # pragma: no cover - guard
raise AssertionError("refresh_anthropic_oauth_pure must not be called")
monkeypatch.setattr(
"agent.anthropic_adapter.refresh_anthropic_oauth_pure",
_should_not_be_called,
)
# Stale creds passed in by the caller — should be ignored in favor
# of the live, already-refreshed token.
result = _refresh_oauth_token({"refreshToken": "stale", "expiresAt": 1})
assert result == "already-refreshed-token"
def test_falls_back_to_network_refresh_when_no_fresh_credential(self, monkeypatch):
"""When no live source has a valid token, fall back to refreshing
ourselves using the freshest available refresh token.
"""
# Live read returns an expired credential carrying a refresh token.
monkeypatch.setattr(
"agent.anthropic_adapter.read_claude_code_credentials",
lambda: {"accessToken": "expired", "refreshToken": "live-refresh", "expiresAt": 1},
)
captured = {}
def _fake_refresh(refresh_token, **kwargs):
captured["refresh_token"] = refresh_token
return {
"access_token": "newly-minted",
"refresh_token": "rotated",
"expires_at_ms": self._FRESH,
}
monkeypatch.setattr(
"agent.anthropic_adapter.refresh_anthropic_oauth_pure", _fake_refresh
)
monkeypatch.setattr(
"agent.anthropic_adapter._write_claude_code_credentials",
lambda *a, **k: None,
)
result = _refresh_oauth_token({"refreshToken": "caller-refresh", "expiresAt": 1})
assert result == "newly-minted"
# Prefers the live source's refresh token over the caller's stale copy.
assert captured["refresh_token"] == "live-refresh"