Skip to content

fix(agents-login): make Claude subscription login reach the authorize URL reliably#740

Merged
ExtraToast merged 1 commit into
mainfrom
fix/agents-login-claude-clean-home-and-login
Jun 26, 2026
Merged

fix(agents-login): make Claude subscription login reach the authorize URL reliably#740
ExtraToast merged 1 commit into
mainfrom
fix/agents-login-claude-clean-home-and-login

Conversation

@ExtraToast

Copy link
Copy Markdown
Owner

Problem

After the claudeai-login switch, Claude credential sessions hung at phase starting forever (UI: "Starting…"). Diagnosed from the worker logs + live probing against claude v2.1.186 in the cluster:

On the worker's persistent login HOME (/home/agent), leftover .claude/ state makes the CLI land on the idle logged-out REPL ("Not logged in · Run /login") after the trust prompt, instead of auto-launching the claudeai login wizard. The blind Enter-through then only submitted empty REPL prompts and never sent /login, so the authorize URL never appeared.

Confirmed live: from a clean home, claude reaches the authorize URL every time (scope includes user:profile ✓); from a stale home it sits on the REPL.

Fix (Claude path only)

  • Clean login home each attempt: remove stale ~/.claude + ~/.claude.json, then always (re)write the onboarding seed and the forceLoginMethod=claudeai managed-settings.
  • /login fallback: when the logged-out REPL is detected, send /login once (and stop the Enter-through). Plus a one-shot Enter for the "Select login method" chooser if forceLoginMethod doesn't auto-select.
  • Raise Enter-through to 10 sends @ 1000ms (onboarding screen count varies).

Codex path unchanged.

Tests

npm test (vitest --coverage): 102 tests pass, global branch coverage 83.52% (≥80%). New coverage for home-cleanup, the /login fallback, chooser Enter, and the new detectors.

Separate, pre-existing: Codex login fails due to broken IPv6 egress to auth.openai.com (pod IPv6 is ENETUNREACH; codex's reqwest tries IPv6 with no IPv4 fallback). Not a worker-code bug — tracked independently (image-level prefer-IPv4 / gai.conf).

🤖 Generated with Claude Code

… URL reliably

Claude login sessions hung at phase "starting" forever. On claude 2.1.186,
stale state in the worker's persistent login HOME makes the CLI land on the
idle logged-out REPL ("Not logged in · Run /login") after the trust prompt
instead of auto-launching the claudeai login wizard. The blind Enter-through
then only submitted empty REPL prompts and never sent /login, so the authorize
URL never appeared.

- Start each Claude login from a clean home: remove stale ~/.claude and
  ~/.claude.json, then always (re)write the onboarding seed + the
  forceLoginMethod=claudeai managed-settings. A clean home reliably reaches the
  authorize URL (confirmed live against 2.1.186 in-cluster).
- Add a one-shot /login fallback: when the logged-out REPL is detected, send
  `/login` (and stop the blind Enter-through). Add a one-shot Enter for the
  "Select login method" chooser in case forceLoginMethod does not auto-select.
- Raise the onboarding Enter-through to 10 sends at 1000ms (screen count varies).

Codex path is unchanged. (Codex login fails separately due to broken IPv6
egress to auth.openai.com — tracked independently.)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@ExtraToast ExtraToast merged commit e5c52e7 into main Jun 26, 2026
22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant