mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-18 20:24:46 +00:00
f91de52f0d
* refactor: remove stale file-backed shims * fix: harden sqlite state ci boundaries * refactor: store matrix idb snapshots in sqlite * fix: satisfy rebased CI guardrails * refactor: store current conversation bindings in sqlite table * refactor: store tui last sessions in sqlite table * refactor: reset sqlite schema history * refactor: drop unshipped sqlite table migration * refactor: remove plugin index file rollback * refactor: drop unshipped sqlite sidecar migrations * refactor: remove runtime commitments kv migration * refactor: preserve kysely sync result types * refactor: drop unshipped sqlite schema migration table * test: keep session usage coverage sqlite-backed * refactor: keep sqlite migration doctor-only * refactor: isolate device legacy imports * refactor: isolate push voicewake legacy imports * refactor: isolate remaining runtime legacy imports * refactor: tighten sqlite migration guardrails * test: cover sqlite persisted enum parsing * refactor: isolate legacy update and tui imports * refactor: tighten sqlite state ownership * refactor: move legacy imports behind doctor * refactor: remove legacy session row lookup * refactor: canonicalize memory transcript locators * refactor: drop transcript path scope fallbacks * refactor: drop runtime legacy session delivery pruning * refactor: store tts prefs only in sqlite * refactor: remove cron store path runtime * refactor: use cron sqlite store keys * refactor: rename telegram message cache scope * refactor: read memory dreaming status from sqlite * refactor: rename cron status store key * refactor: stop remembering transcript file paths * test: use sqlite locators in agent fixtures * refactor: remove file-shaped commitments and cron store surfaces * refactor: keep compaction transcript handles out of session rows * refactor: derive transcript handles from session identity * refactor: derive runtime transcript handles * refactor: remove gateway session locator reads * refactor: remove transcript locator from session rows * refactor: store raw stream diagnostics in sqlite * refactor: remove file-shaped transcript rotation * refactor: hide legacy trajectory paths from runtime * refactor: remove runtime transcript file bridges * refactor: repair database-first rebase fallout * refactor: align tests with database-first state * refactor: remove transcript file handoffs * refactor: sync post-compaction memory by transcript scope * refactor: run codex app-server sessions by id * refactor: bind codex runtime state by session id * refactor: pass memory transcripts by sqlite scope * refactor: remove transcript locator cleanup leftovers * test: remove stale transcript file fixtures * refactor: remove transcript locator test helper * test: make cron sqlite keys explicit * test: remove cron runtime store paths * test: remove stale session file fixtures * test: use sqlite cron keys in diagnostics * refactor: remove runtime delivery queue backfill * test: drop fake export session file mocks * refactor: rename acp session read failure flag * refactor: rename acp row session key * refactor: remove session store test seams * refactor: move legacy session parser tests to doctor * refactor: reindex managed memory in place * refactor: drop stale session store wording * refactor: rename session row helpers * refactor: rename sqlite session entry modules * refactor: remove transcript locator leftovers * refactor: trim file-era audit wording * refactor: clean managed media through sqlite * fix: prefer explicit agent for exports * fix: use prepared agent for session resets * fix: canonicalize legacy codex binding import * test: rename state cleanup helper * docs: align backup docs with sqlite state * refactor: drop legacy Pi usage auth fallback * refactor: move legacy auth profile imports to doctor * refactor: keep Pi model discovery auth in memory * refactor: remove MSTeams legacy learning key fallback * refactor: store model catalog config in sqlite * refactor: use sqlite model catalog at runtime * refactor: remove model json compatibility aliases * refactor: store auth profiles in sqlite * refactor: seed copied auth profiles in sqlite * refactor: make auth profile runtime sqlite-addressed * refactor: migrate hermes secrets into sqlite auth store * refactor: move plugin install config migration to doctor * refactor: rename plugin index audit checks * test: drop auth file assumptions * test: remove legacy transcript file assertions * refactor: drop legacy cli session aliases * refactor: store skill uploads in sqlite * refactor: keep subagent attachments in sqlite vfs * refactor: drop subagent attachment cleanup state * refactor: move legacy session aliases to doctor * refactor: require node 24 for sqlite state runtime * refactor: move provider caches into sqlite state * fix: harden virtual agent filesystem * refactor: enforce database-first runtime state * refactor: rename compaction transcript rotation setting * test: clean sqlite refactor test types * refactor: consolidate sqlite runtime state * refactor: model session conversations in sqlite * refactor: stop deriving cron delivery from session keys * refactor: stop classifying sessions from key shape * refactor: hydrate announce targets from typed delivery * refactor: route heartbeat delivery from typed sqlite context * refactor: tighten typed sqlite session routing * refactor: remove session origin routing shadow * refactor: drop session origin shadow fixtures * perf: query sqlite vfs paths by prefix * refactor: use typed conversation metadata for sessions * refactor: prefer typed session routing metadata * refactor: require typed session routing metadata * refactor: resolve group tool policy from typed sessions * refactor: delete dead session thread info bridge * Show Codex subscription reset times in channel errors (#80456) * feat(plugin-sdk): consolidate session workflow APIs * fix(agents): allow read-only agent mount reads * [codex] refresh plugin regression fixtures * fix(agents): restore compaction gateway logs * test: tighten gateway startup assertions * Redact persisted secret-shaped payloads [AI] (#79006) * test: tighten device pair notify assertions * test: tighten hermes secret assertions * test: assert matrix client error shapes * test: assert config compat warnings * fix(heartbeat): remap cron-run exec events to session keys (#80214) * fix(codex): route btw through native side threads * fix(auth): accept friendly OpenAI order for Codex profiles * fix(codex): rotate auth profiles inside harness * fix: keep browser status page probe within timeout * test: assert agents add outputs * test: pin cron read status * fix(agents): avoid Pi resource discovery stalls Co-authored-by: dataCenter430 <titan032000@gmail.com> * fix: retire timed-out codex app-server clients * test: tighten qa lab runtime assertions * test: check security fix outputs * test: verify extension runtime messages * feat(wake): expose typed sessionKey on wake protocol + system event CLI * fix(gateway): await session_end during shutdown drain and track channel + compaction lifecycle paths (#57790) * test: guard talk consult call helper * fix(codex): scale context engine projection (#80761) * fix(codex): scale context engine projection * fix: document Codex context projection scaling * fix: document Codex context projection scaling * fix: document Codex context projection scaling * fix: document Codex context projection scaling * chore: align Codex projection changelog * chore: realign Codex projection changelog * fix: isolate Codex projection patch --------- Co-authored-by: Eva (agent) <eva+agent-78055@100yen.org> Co-authored-by: Josh Lehman <josh@martian.engineering> * refactor: move agent runtime state toward piless * refactor: remove cron session reaper * refactor: move session management to sqlite * refactor: finish database-first state migration * chore: refresh generated sqlite db types * refactor: remove stale file-backed shims * test: harden kysely type coverage # Conflicts: # .agents/skills/kysely-database-access/SKILL.md # src/infra/kysely-sync.types.test.ts # src/proxy-capture/store.sqlite.test.ts # src/state/openclaw-agent-db.test.ts # src/state/openclaw-state-db.test.ts * refactor: remove cron store path runtime * refactor: keep compaction transcript handles out of session rows * refactor: derive embedded transcripts from sqlite identity * refactor: remove embedded transcript locator handoff * refactor: remove runtime transcript file bridges * refactor: remove transcript file handoffs * refactor: remove MSTeams legacy learning key fallback * refactor: store model catalog config in sqlite * refactor: use sqlite model catalog at runtime # Conflicts: # docs/cli/secrets.md # docs/gateway/authentication.md # docs/gateway/secrets.md * fix: keep oauth sibling sync sqlite-local # Conflicts: # src/commands/onboard-auth.test.ts * refactor: remove task session store maintenance # Conflicts: # src/commands/tasks.ts * refactor: keep diagnostics in state sqlite * refactor: enforce database-first runtime state * refactor: consolidate sqlite runtime state * Show Codex subscription reset times in channel errors (#80456) * fix(codex): refresh subscription limit resets * fix(codex): format reset times for channels * Update CHANGELOG with latest changes and fixes Updated CHANGELOG with recent fixes and improvements. * fix(codex): keep command load failures on codex surface * fix(codex): format account rate limits as rows * fix(codex): summarize account limits as usage status * fix(codex): simplify account limit status * test: tighten subagent announce queue assertion * test: tighten session delete lifecycle assertions * test: tighten cron ops assertions * fix: track cron execution milestones * test: tighten hermes secret assertions * test: assert matrix sync store payloads * test: assert config compat warnings * fix(codex): align btw side thread semantics * fix(codex): honor codex fallback blocking * fix(agents): avoid Pi resource discovery stalls * test: tighten codex event assertions * test: tighten cron assertions * Fix Codex app-server OAuth harness auth * refactor: move agent runtime state toward piless * refactor: move device and push state to sqlite * refactor: move runtime json state imports to doctor * refactor: finish database-first state migration * chore: refresh generated sqlite db types * refactor: clarify cron sqlite store keys * refactor: remove stale file-backed shims * refactor: bind codex runtime state by session id * test: expect sqlite trajectory branch export * refactor: rename session row helpers * fix: keep legacy device identity import in doctor * refactor: enforce database-first runtime state * refactor: consolidate sqlite runtime state * build: align pi contract wrappers * chore: repair database-first rebase * refactor: remove session file test contracts * test: update gateway session expectations * refactor: stop routing from session compatibility shadows * refactor: stop persisting session route shadows * refactor: use typed delivery context in clients * refactor: stop echoing session route shadows * refactor: repair embedded runner rebase imports # Conflicts: # src/agents/pi-embedded-runner/run/attempt.tool-call-argument-repair.ts * refactor: align pi contract imports * refactor: satisfy kysely sync helper guard * refactor: remove file transcript bridge remnants * refactor: remove session locator compatibility * refactor: remove session file test contracts * refactor: keep rebase database-first clean * refactor: remove session file assumptions from e2e * docs: clarify database-first goal state * test: remove legacy store markers from sqlite runtime tests * refactor: remove legacy store assumptions from runtime seams * refactor: align sqlite runtime helper seams * test: update memory recall sqlite audit mock * refactor: align database-first runtime type seams * test: clarify doctor cron legacy store names * fix: preserve sqlite session route projections * test: fix copilot token cache test syntax * docs: update database-first proof status * test: align database-first test fixtures * docs: update database-first proof status * refactor: clean extension database-first drift * test: align agent session route proof * test: clarify doctor legacy path fixtures * chore: clean database-first changed checks * chore: repair database-first rebase markers * build: allow baileys git subdependency * chore: repair exp-vfs rebase drift * chore: finish exp-vfs rebase cleanup * chore: satisfy rebase lint drift * chore: fix qqbot rebase type seam * chore: fix rebase drift leftovers * fix: keep auth profile oauth secrets out of sqlite * fix: repair rebase drift tests * test: stabilize pairing request ordering * test: use source manifests in plugin contract checks * fix: restore gateway session metadata after rebase * fix: repair database-first rebase drift * fix: clean up database-first rebase fallout * test: stabilize line quick reply receipt time * fix: repair extension rebase drift * test: keep transcript redaction tests sqlite-backed * fix: carry injected transcript redaction through sqlite * chore: clean database branch rebase residue * fix: repair database branch CI drift * fix: repair database branch CI guard drift * fix: stabilize oauth tls preflight test * test: align database branch fast guards * test: repair build artifact boundary guards * chore: clean changelog rebase markers --------- Co-authored-by: pashpashpash <nik@vault77.ai> Co-authored-by: Eva <eva@100yen.org> Co-authored-by: stainlu <stainlu@newtype-ai.org> Co-authored-by: Jason Zhou <jason.zhou.design@gmail.com> Co-authored-by: Ruben Cuevas <hi@rubencu.com> Co-authored-by: Pavan Kumar Gondhi <pavangondhi@gmail.com> Co-authored-by: Shakker <shakkerdroid@gmail.com> Co-authored-by: Kaspre <36520309+Kaspre@users.noreply.github.com> Co-authored-by: dataCenter430 <titan032000@gmail.com> Co-authored-by: Kaspre <kaspre@gmail.com> Co-authored-by: pandadev66 <nova.full.stack@outlook.com> Co-authored-by: Eva <admin@100yen.org> Co-authored-by: Eva (agent) <eva+agent-78055@100yen.org> Co-authored-by: Josh Lehman <josh@martian.engineering> Co-authored-by: jeffjhunter <support@aipersonamethod.com>
395 lines
12 KiB
TypeScript
395 lines
12 KiB
TypeScript
import { execFileSync } from "node:child_process";
|
|
import crypto from "node:crypto";
|
|
import fs from "node:fs";
|
|
import os from "node:os";
|
|
import path from "node:path";
|
|
import { loadPersistedAuthProfileStore } from "../src/agents/auth-profiles/persisted.ts";
|
|
import { normalizeOptionalString } from "../src/shared/string-coerce.ts";
|
|
import { resolveOpenClawStateSqlitePath } from "../src/state/openclaw-state-db.paths.ts";
|
|
|
|
type Args = {
|
|
agentId: string;
|
|
reveal: boolean;
|
|
sessionKey?: string;
|
|
};
|
|
|
|
const mask = (value: string) => {
|
|
const compact = value.trim();
|
|
if (!compact) {
|
|
return "missing";
|
|
}
|
|
const edge = compact.length >= 12 ? 6 : 4;
|
|
return `${compact.slice(0, edge)}…${compact.slice(-edge)}`;
|
|
};
|
|
|
|
const parseArgs = (): Args => {
|
|
const args = process.argv.slice(2);
|
|
let agentId = "main";
|
|
let reveal = false;
|
|
let sessionKey: string | undefined;
|
|
|
|
for (let i = 0; i < args.length; i++) {
|
|
const arg = args[i];
|
|
if (arg === "--agent" && args[i + 1]) {
|
|
agentId = args[++i].trim() || "main";
|
|
continue;
|
|
}
|
|
if (arg === "--reveal") {
|
|
reveal = true;
|
|
continue;
|
|
}
|
|
if (arg === "--session-key" && args[i + 1]) {
|
|
sessionKey = normalizeOptionalString(args[++i]);
|
|
continue;
|
|
}
|
|
}
|
|
|
|
return { agentId, reveal, sessionKey };
|
|
};
|
|
|
|
const loadAuthProfiles = (agentId: string) => {
|
|
const stateRoot = process.env.OPENCLAW_STATE_DIR?.trim() || path.join(os.homedir(), ".openclaw");
|
|
const agentDir = path.join(stateRoot, "agents", agentId, "agent");
|
|
const store = loadPersistedAuthProfileStore(agentDir, {
|
|
env: { ...process.env, OPENCLAW_STATE_DIR: stateRoot },
|
|
}) as {
|
|
profiles?: Record<string, { provider?: string; type?: string; token?: string; key?: string }>;
|
|
} | null;
|
|
const authLocation = `${resolveOpenClawStateSqlitePath({ ...process.env, OPENCLAW_STATE_DIR: stateRoot })}#table/auth_profile_stores/${agentDir}`;
|
|
if (!store) {
|
|
throw new Error(`Missing SQLite auth store: ${authLocation}`);
|
|
}
|
|
return { authLocation, store };
|
|
};
|
|
|
|
const pickAnthropicTokens = (store: {
|
|
profiles?: Record<string, { provider?: string; type?: string; token?: string; key?: string }>;
|
|
}): Array<{ profileId: string; token: string }> => {
|
|
const profiles = store.profiles ?? {};
|
|
const found: Array<{ profileId: string; token: string }> = [];
|
|
for (const [id, cred] of Object.entries(profiles)) {
|
|
if (cred?.provider !== "anthropic") {
|
|
continue;
|
|
}
|
|
const token = cred.type === "token" ? cred.token?.trim() : undefined;
|
|
if (token) {
|
|
found.push({ profileId: id, token });
|
|
}
|
|
}
|
|
return found;
|
|
};
|
|
|
|
const fetchAnthropicOAuthUsage = async (token: string) => {
|
|
const res = await fetch("https://api.anthropic.com/api/oauth/usage", {
|
|
headers: {
|
|
Authorization: `Bearer ${token}`,
|
|
Accept: "application/json",
|
|
"anthropic-version": "2023-06-01",
|
|
"anthropic-beta": "oauth-2025-04-20",
|
|
"User-Agent": "openclaw-debug",
|
|
},
|
|
});
|
|
const text = await res.text();
|
|
return { status: res.status, contentType: res.headers.get("content-type"), text };
|
|
};
|
|
|
|
const readClaudeCliKeychain = (): {
|
|
accessToken: string;
|
|
expiresAt?: number;
|
|
scopes?: string[];
|
|
} | null => {
|
|
if (process.platform !== "darwin") {
|
|
return null;
|
|
}
|
|
try {
|
|
const raw = execFileSync(
|
|
"security",
|
|
["find-generic-password", "-s", "Claude Code-credentials", "-w"],
|
|
{ encoding: "utf8", stdio: ["ignore", "pipe", "ignore"], timeout: 5000 },
|
|
);
|
|
const parsed = JSON.parse(raw.trim()) as Record<string, unknown>;
|
|
const oauth = parsed?.claudeAiOauth as Record<string, unknown> | undefined;
|
|
if (!oauth || typeof oauth !== "object") {
|
|
return null;
|
|
}
|
|
const accessToken = oauth.accessToken;
|
|
if (typeof accessToken !== "string" || !accessToken.trim()) {
|
|
return null;
|
|
}
|
|
const expiresAt = typeof oauth.expiresAt === "number" ? oauth.expiresAt : undefined;
|
|
const scopes = Array.isArray(oauth.scopes)
|
|
? oauth.scopes.filter((v): v is string => typeof v === "string")
|
|
: undefined;
|
|
return { accessToken, expiresAt, scopes };
|
|
} catch {
|
|
return null;
|
|
}
|
|
};
|
|
|
|
const chromeServiceNameForPath = (cookiePath: string): string => {
|
|
if (cookiePath.includes("/Arc/")) {
|
|
return "Arc Safe Storage";
|
|
}
|
|
if (cookiePath.includes("/BraveSoftware/")) {
|
|
return "Brave Safe Storage";
|
|
}
|
|
if (cookiePath.includes("/Microsoft Edge/")) {
|
|
return "Microsoft Edge Safe Storage";
|
|
}
|
|
if (cookiePath.includes("/Chromium/")) {
|
|
return "Chromium Safe Storage";
|
|
}
|
|
return "Chrome Safe Storage";
|
|
};
|
|
|
|
const readKeychainPassword = (service: string): string | null => {
|
|
try {
|
|
const out = execFileSync("security", ["find-generic-password", "-w", "-s", service], {
|
|
encoding: "utf8",
|
|
stdio: ["ignore", "pipe", "ignore"],
|
|
timeout: 5000,
|
|
});
|
|
const pw = out.trim();
|
|
return pw ? pw : null;
|
|
} catch {
|
|
return null;
|
|
}
|
|
};
|
|
|
|
const decryptChromeCookieValue = (encrypted: Buffer, service: string): string | null => {
|
|
if (encrypted.length < 4) {
|
|
return null;
|
|
}
|
|
const prefix = encrypted.subarray(0, 3).toString("utf8");
|
|
if (prefix !== "v10" && prefix !== "v11") {
|
|
return null;
|
|
}
|
|
|
|
const password = readKeychainPassword(service);
|
|
if (!password) {
|
|
return null;
|
|
}
|
|
|
|
const key = crypto.pbkdf2Sync(password, "saltysalt", 1003, 16, "sha1");
|
|
const iv = Buffer.alloc(16, 0x20);
|
|
const data = encrypted.subarray(3);
|
|
|
|
try {
|
|
const decipher = crypto.createDecipheriv("aes-128-cbc", key, iv);
|
|
decipher.setAutoPadding(true);
|
|
const decrypted = Buffer.concat([decipher.update(data), decipher.final()]);
|
|
const text = decrypted.toString("utf8").trim();
|
|
return text ? text : null;
|
|
} catch {
|
|
return null;
|
|
}
|
|
};
|
|
|
|
const queryChromeCookieDb = (cookieDb: string): string | null => {
|
|
try {
|
|
const out = execFileSync(
|
|
"sqlite3",
|
|
[
|
|
"-readonly",
|
|
cookieDb,
|
|
`
|
|
SELECT
|
|
COALESCE(NULLIF(value,''), hex(encrypted_value))
|
|
FROM cookies
|
|
WHERE (host_key LIKE '%claude.ai%' OR host_key = '.claude.ai')
|
|
AND name = 'sessionKey'
|
|
LIMIT 1;
|
|
`,
|
|
],
|
|
{ encoding: "utf8", stdio: ["ignore", "pipe", "ignore"], timeout: 5000 },
|
|
).trim();
|
|
if (!out) {
|
|
return null;
|
|
}
|
|
if (out.startsWith("sk-ant-")) {
|
|
return out;
|
|
}
|
|
const hex = out.replace(/[^0-9A-Fa-f]/g, "");
|
|
if (!hex) {
|
|
return null;
|
|
}
|
|
const buf = Buffer.from(hex, "hex");
|
|
const service = chromeServiceNameForPath(cookieDb);
|
|
const decrypted = decryptChromeCookieValue(buf, service);
|
|
return decrypted && decrypted.startsWith("sk-ant-") ? decrypted : null;
|
|
} catch {
|
|
return null;
|
|
}
|
|
};
|
|
|
|
const queryFirefoxCookieDb = (cookieDb: string): string | null => {
|
|
try {
|
|
const out = execFileSync(
|
|
"sqlite3",
|
|
[
|
|
"-readonly",
|
|
cookieDb,
|
|
`
|
|
SELECT value
|
|
FROM moz_cookies
|
|
WHERE (host LIKE '%claude.ai%' OR host = '.claude.ai')
|
|
AND name = 'sessionKey'
|
|
LIMIT 1;
|
|
`,
|
|
],
|
|
{ encoding: "utf8", stdio: ["ignore", "pipe", "ignore"], timeout: 5000 },
|
|
).trim();
|
|
return out && out.startsWith("sk-ant-") ? out : null;
|
|
} catch {
|
|
return null;
|
|
}
|
|
};
|
|
|
|
const findClaudeSessionKey = (): { sessionKey: string; source: string } | null => {
|
|
if (process.platform !== "darwin") {
|
|
return null;
|
|
}
|
|
|
|
const firefoxRoot = path.join(
|
|
os.homedir(),
|
|
"Library",
|
|
"Application Support",
|
|
"Firefox",
|
|
"Profiles",
|
|
);
|
|
if (fs.existsSync(firefoxRoot)) {
|
|
for (const entry of fs.readdirSync(firefoxRoot)) {
|
|
const db = path.join(firefoxRoot, entry, "cookies.sqlite");
|
|
if (!fs.existsSync(db)) {
|
|
continue;
|
|
}
|
|
const value = queryFirefoxCookieDb(db);
|
|
if (value) {
|
|
return { sessionKey: value, source: `firefox:${db}` };
|
|
}
|
|
}
|
|
}
|
|
|
|
const chromeCandidates = [
|
|
path.join(os.homedir(), "Library", "Application Support", "Google", "Chrome"),
|
|
path.join(os.homedir(), "Library", "Application Support", "Chromium"),
|
|
path.join(os.homedir(), "Library", "Application Support", "Arc"),
|
|
path.join(os.homedir(), "Library", "Application Support", "BraveSoftware", "Brave-Browser"),
|
|
path.join(os.homedir(), "Library", "Application Support", "Microsoft Edge"),
|
|
];
|
|
|
|
for (const root of chromeCandidates) {
|
|
if (!fs.existsSync(root)) {
|
|
continue;
|
|
}
|
|
const profiles = fs
|
|
.readdirSync(root)
|
|
.filter((name) => name === "Default" || name.startsWith("Profile "));
|
|
for (const profile of profiles) {
|
|
const db = path.join(root, profile, "Cookies");
|
|
if (!fs.existsSync(db)) {
|
|
continue;
|
|
}
|
|
const value = queryChromeCookieDb(db);
|
|
if (value) {
|
|
return { sessionKey: value, source: `chromium:${db}` };
|
|
}
|
|
}
|
|
}
|
|
|
|
return null;
|
|
};
|
|
|
|
const fetchClaudeWebUsage = async (sessionKey: string) => {
|
|
const headers = {
|
|
Cookie: `sessionKey=${sessionKey}`,
|
|
Accept: "application/json",
|
|
"User-Agent":
|
|
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15",
|
|
};
|
|
const orgRes = await fetch("https://claude.ai/api/organizations", { headers });
|
|
const orgText = await orgRes.text();
|
|
if (!orgRes.ok) {
|
|
return { ok: false as const, step: "organizations", status: orgRes.status, body: orgText };
|
|
}
|
|
const orgs = JSON.parse(orgText) as Array<{ uuid?: string }>;
|
|
const orgId = orgs?.[0]?.uuid;
|
|
if (!orgId) {
|
|
return { ok: false as const, step: "organizations", status: 200, body: orgText };
|
|
}
|
|
|
|
const usageRes = await fetch(`https://claude.ai/api/organizations/${orgId}/usage`, { headers });
|
|
const usageText = await usageRes.text();
|
|
return usageRes.ok
|
|
? { ok: true as const, orgId, body: usageText }
|
|
: { ok: false as const, step: "usage", status: usageRes.status, body: usageText };
|
|
};
|
|
|
|
const main = async () => {
|
|
const opts = parseArgs();
|
|
const { authLocation, store } = loadAuthProfiles(opts.agentId);
|
|
console.log(`Auth store: ${authLocation}`);
|
|
|
|
const keychain = readClaudeCliKeychain();
|
|
if (keychain) {
|
|
console.log(
|
|
`Claude Code CLI keychain: accessToken=${opts.reveal ? keychain.accessToken : mask(keychain.accessToken)} scopes=${keychain.scopes?.join(",") ?? "(unknown)"}`,
|
|
);
|
|
const oauth = await fetchAnthropicOAuthUsage(keychain.accessToken);
|
|
console.log(
|
|
`OAuth usage (keychain): HTTP ${oauth.status} (${oauth.contentType ?? "no content-type"})`,
|
|
);
|
|
console.log(oauth.text.slice(0, 200).replace(/\s+/g, " ").trim());
|
|
} else {
|
|
console.log("Claude Code CLI keychain: missing/unreadable");
|
|
}
|
|
|
|
const anthropic = pickAnthropicTokens(store);
|
|
if (anthropic.length === 0) {
|
|
console.log("Auth profiles: no Anthropic token profiles found");
|
|
} else {
|
|
for (const entry of anthropic) {
|
|
console.log(
|
|
`Auth profiles: ${entry.profileId} token=${opts.reveal ? entry.token : mask(entry.token)}`,
|
|
);
|
|
const oauth = await fetchAnthropicOAuthUsage(entry.token);
|
|
console.log(
|
|
`OAuth usage (${entry.profileId}): HTTP ${oauth.status} (${oauth.contentType ?? "no content-type"})`,
|
|
);
|
|
console.log(oauth.text.slice(0, 200).replace(/\s+/g, " ").trim());
|
|
}
|
|
}
|
|
|
|
const sessionKey =
|
|
opts.sessionKey?.trim() ||
|
|
process.env.CLAUDE_AI_SESSION_KEY?.trim() ||
|
|
process.env.CLAUDE_WEB_SESSION_KEY?.trim() ||
|
|
findClaudeSessionKey()?.sessionKey;
|
|
const source = opts.sessionKey
|
|
? "--session-key"
|
|
: process.env.CLAUDE_AI_SESSION_KEY || process.env.CLAUDE_WEB_SESSION_KEY
|
|
? "env"
|
|
: (findClaudeSessionKey()?.source ?? "auto");
|
|
|
|
if (!sessionKey) {
|
|
console.log(
|
|
"Claude web: no sessionKey found (try --session-key or export CLAUDE_AI_SESSION_KEY)",
|
|
);
|
|
return;
|
|
}
|
|
|
|
console.log(
|
|
`Claude web: sessionKey=${opts.reveal ? sessionKey : mask(sessionKey)} (source: ${source})`,
|
|
);
|
|
const web = await fetchClaudeWebUsage(sessionKey);
|
|
if (!web.ok) {
|
|
console.log(`Claude web: ${web.step} HTTP ${web.status}`);
|
|
console.log(web.body.slice(0, 400).replace(/\s+/g, " ").trim());
|
|
return;
|
|
}
|
|
console.log(`Claude web: org=${web.orgId} OK`);
|
|
console.log(web.body.slice(0, 400).replace(/\s+/g, " ").trim());
|
|
};
|
|
|
|
await main();
|