fix: detect Anthropic auth token from process environment

[michaeledi]

Summary

• treat process.env.ANTHROPIC_AUTH_TOKEN as a valid Claude auth source in /api/cli/claude/status
• keep the existing ANTHROPIC_API_KEY, ~/.claude/settings.json, and OAuth credential checks unchanged
• update the auth priority comment to include Anthropic auth tokens from the process environment

Why PR #527 did not fully fix this

PR #527 added support for ANTHROPIC_API_KEY and ANTHROPIC_AUTH_TOKEN when they are stored under ~/.claude/settings.json env values. That helps setups where Claude Code reads proxy/auth values from settings.json, but it does not cover local service managers such as systemd, pm2, Docker, or shell-launched processes that inject ANTHROPIC_AUTH_TOKEN directly into the CloudCLI server process environment.

In those deployments, Claude/SDK execution can receive ANTHROPIC_AUTH_TOKEN from process.env and work correctly, while the CloudCLI status endpoint still reports disconnected because it only checked process.env.ANTHROPIC_API_KEY before falling back to settings.json and OAuth credentials.

Validation

• node --check server/routes/cli-auth.js
• Before the fix, a local Express route check with only HOME set to an empty temp dir and ANTHROPIC_AUTH_TOKEN in process.env returned {"authenticated":false,"email":null,"method":null,"error":"Not authenticated"}
• After the fix, the same check returns {"authenticated":true,"email":"Configured via environment","method":"api_key"}

Summary by CodeRabbit

• New Features
  • Added support for authentication via environment variables with higher priority than configuration files

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: a4a36dda-db58-4ace-8527-31e114a1f5c1

📥 Commits

Reviewing files that changed from the base of the PR and between e2459cb and 87239ad.

📒 Files selected for processing (1)

• server/routes/cli-auth.js

---

📝 Walkthrough

Walkthrough

Updated Claude credential authentication to prioritize the ANTHROPIC_AUTH_TOKEN environment variable ahead of the ~/.claude/settings.json file lookup. When this environment variable is present and non-empty, the system immediately authenticates the user and returns early with method api_key.

Changes

Cohort / File(s)	Summary
Authentication Priority Enhancement server/routes/cli-auth.js	Added process.env.ANTHROPIC_AUTH_TOKEN as a high-priority authentication source with early return when set. Updated documentation to reflect new priority order placing environment variable detection before credentials file lookup.

Possibly related PRs

• Add support for ANTHROPIC_API_KEY environment variable authentication detection #346: Also modifies server/routes/cli-auth.js to add environment-variable-based Claude API key detection with method api_key return value.
• fix: detect Claude auth from settings env #527: Modifies server/routes/cli-auth.js to adjust Claude credential detection priority ordering and authentication source handling.

Suggested reviewers

• viper151
• blackmammoth

Poem

🐰 A token hops into the environment's nest,
No file to search, no lengthy quest!
One sniff of ANTHROPIC_AUTH_TOKEN so fine,
Authentication blooms—the credentials align! 🔑

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: adding detection of the Anthropic auth token from the process environment variable.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}