fix: claude subprocess auth failure (exit code 1) when using HTTP proxy#230
Open
cccccccAi wants to merge 1 commit intoop7418:mainfrom
Open
fix: claude subprocess auth failure (exit code 1) when using HTTP proxy#230cccccccAi wants to merge 1 commit intoop7418:mainfrom
cccccccAi wants to merge 1 commit intoop7418:mainfrom
Conversation
问题: CodePilot 从 Dock/Finder 启动时,HTTPS_PROXY/HTTP_PROXY 不在 Electron 进程的 process.env 中,导致 claude 子进程无法出网, 向 Anthropic API 鉴权失败,返回 exit code 1, 表现为 is_error: true / input_tokens: 0。 此问题在使用代理上网的用户(中国大陆等地区)中普遍存在。 修复方案: 1. platform.ts — 新增 getClaudeOAuthTokenFromKeychain() 从 macOS Keychain 的 "Claude Code-credentials" 条目读取 OAuth accessToken,作为 ANTHROPIC_AUTH_TOKEN 的兜底来源。 支持通过 claude auth login(订阅用户)完成鉴权, 无需在 CodePilot 中单独配置 API Key。 2. claude-client.ts — 无 active provider 且无环境变量 token 时, 自动从 Keychain 读取 OAuth token 并注入 ANTHROPIC_AUTH_TOKEN, 确保 claude 子进程获得有效凭证。 复现步骤: - 安装 Claude Code CLI 并通过 claude auth login 登录(订阅用户) - 系统依赖代理上网(HTTPS_PROXY 设置在 .zshrc 而非系统偏好设置) - 从 Dock 启动 CodePilot(非终端启动) - 在 CodePilot 中发送消息 → 报错 exit code 1 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
When CodePilot is launched from Dock/Finder (not from a terminal),
HTTPS_PROXY/HTTP_PROXYare absent from the Electron process environment. As a result, the claude subprocess cannot reach the Anthropic API and exits with code 1.Symptoms:
is_error: true,input_tokens: 0,output_tokens: 0Affected users: Anyone using a system-level HTTP proxy to access the internet (common in mainland China and enterprise environments).
Root Cause
The proxy is typically defined in
~/.zshrc/~/.bashrc. WhileloadUserShellEnv()inelectron/main.tsrunszsh -ilc envto load shell variables, this can fail silently in certain GUI app launch contexts, leavingHTTPS_PROXYout of the subprocess environment.Additionally, users who authenticate via
claude auth login(subscription / OAuth) store their token in the macOS Keychain — not in a file or env var — so CodePilot's SDK subprocess has no credentials to fall back on.Fix
src/lib/platform.ts— AddgetClaudeOAuthTokenFromKeychain():Reads the OAuth
accessTokenfrom the macOS Keychain entry"Claude Code-credentials"(whereclaude auth loginstores credentials). Returnsnullon non-macOS or if not found.src/lib/claude-client.ts— Use Keychain token as fallback:When no active provider and no
ANTHROPIC_API_KEY/ANTHROPIC_AUTH_TOKENis present in the environment, automatically read the OAuth token from Keychain and inject it asANTHROPIC_AUTH_TOKENbefore spawning the claude subprocess.How to Reproduce
claude auth login(subscription user)export HTTPS_PROXY=http://your-proxy:portin~/.zshrcTesting
Verified locally: