fix: shared Claude OAuth credentials in containers — mount + flock to prevent token rotation race (#693)
- Make ~/.claude volume mount read-write (was :ro) so containers can write back refreshed OAuth tokens - Wrap Claude CLI in flock(1) inside tmux sessions using ~/.claude/session.lock — prevents concurrent token refresh races across agents sharing the same credentials - Add ANTHROPIC_API_KEY detection in entrypoint.sh: when set, skips OAuth entirely (no rotation issues, metered billing) - Log active auth method (API key vs OAuth vs missing) at container startup for easier 401 debugging - Document 'claude auth login' requirement in disinto init output Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
openhands
parent
cfdbaeeb5b
commit
cf6400e8f3
3 changed files with 34 additions and 2 deletions
10
bin/disinto
10
bin/disinto
|
|
@ -223,7 +223,7 @@ services:
|
|||
- agent-data:/home/agent/data
|
||||
- project-repos:/home/agent/repos
|
||||
- ./:/home/agent/disinto:ro
|
||||
- ${HOME}/.claude:/home/agent/.claude:ro
|
||||
- ${HOME}/.claude:/home/agent/.claude
|
||||
- ${HOME}/.claude.json:/home/agent/.claude.json:ro
|
||||
- CLAUDE_BIN_PLACEHOLDER:/usr/local/bin/claude:ro
|
||||
environment:
|
||||
|
|
@ -1517,6 +1517,14 @@ p.write_text(text)
|
|||
else
|
||||
echo " Mode: bare-metal"
|
||||
fi
|
||||
echo ""
|
||||
echo "── Claude authentication ──────────────────────────────"
|
||||
echo " OAuth (shared across containers):"
|
||||
echo " Run 'claude auth login' on the host once."
|
||||
echo " Credentials in ~/.claude are mounted into containers."
|
||||
echo " API key (alternative — metered billing, no rotation issues):"
|
||||
echo " Set ANTHROPIC_API_KEY in .env to skip OAuth entirely."
|
||||
echo ""
|
||||
echo " Run 'disinto status' to verify."
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue