Files
steipete--codexbar/docs/refactor/claude-current-baseline.md
2026-07-13 12:22:33 +08:00

156 lines
7.1 KiB
Markdown

---
summary: "Current Claude behavior baseline before vNext refactor work."
read_when:
- Planning Claude refactor tickets
- Changing Claude runtime/source selection
- Changing Claude OAuth prompt or cooldown behavior
- Changing Claude token-account routing
---
# Claude current baseline
This document is the current-state parity reference for Claude behavior in CodexBar.
Use it when later tickets need to preserve or intentionally change Claude behavior. When the refactor plan,
summary docs, and running code disagree, treat current code plus characterization coverage as authoritative, and use
this document as the human-readable summary of that current state.
## Scope of this baseline
This baseline captures the current behavior surface that later refactor work must preserve unless a future ticket
changes it intentionally:
- runtime/source-mode selection,
- prompt and cooldown behavior that affects Claude OAuth repair flows,
- token-account routing at the app and CLI edges,
- provider siloing and web-enrichment rules,
- the current relationship between the public Claude doc and the vNext refactor plan.
## Active behavior owners
Current Claude behavior is defined by several active owners, not one central planner:
- `Sources/CodexBarCore/Providers/Claude/ClaudeProviderDescriptor.swift`
owns the main provider-pipeline strategy order and fallback rules.
- `Sources/CodexBarCore/Providers/Claude/ClaudeUsageFetcher.swift`
still owns a separate direct `.auto` path, delegated refresh, prompt/cooldown handling, and web-extra enrichment.
- `Sources/CodexBar/Providers/Claude/ClaudeSettingsStore.swift`
owns app-side token-account routing into cookie or OAuth behavior.
- `Sources/CodexBarCLI/TokenAccountCLI.swift`
owns CLI-side token-account routing and effective source-mode overrides.
- `Sources/CodexBarCore/TokenAccountSupport.swift`
owns the current string heuristics that distinguish Claude OAuth access tokens from cookie/session-key inputs.
## Current runtime and source-mode behavior
### Main provider pipeline
The generic provider pipeline currently resolves Claude strategies in this order:
| Runtime | Selected mode | Ordered strategies | Fallback behavior |
| --- | --- | --- | --- |
| app | auto | `oauth -> cli -> web` | OAuth can fall through to CLI/Web. CLI can fall through to Web only when Web is available. Web is terminal. |
| app | oauth | `oauth` | No fallback. |
| app | cli | `cli` | No fallback. |
| app | web | `web` | No fallback. |
| cli | auto | `web -> cli` | Web can fall through to CLI. CLI is terminal. |
| cli | oauth | `oauth` | No fallback. |
| cli | cli | `cli` | No fallback. |
| cli | web | `web` | No fallback. |
This behavior is owned by `Sources/CodexBarCore/Providers/Claude/ClaudeProviderDescriptor.swift`
through `ProviderFetchPlan` and `ProviderFetchPipeline`.
### Other active `.auto` decision sites
The codebase still contains multiple active `.auto` decision sites:
| Owner | Current behavior |
| --- | --- |
| `ClaudeProviderDescriptor.resolveUsageStrategy(...)` | Chooses `oauth`, then `cli`, then `web`, with final `cli` fallback when none are available. |
| `ClaudeUsageFetcher.loadLatestUsage(.auto)` | Chooses `oauth`, then `web`, then `cli`, with final `oauth` fallback. |
This inconsistency is intentional to record here. RAT-107 directly characterizes the active direct-fetcher branches it
can reach cleanly in tests and records the remaining current-state behavior without reconciling it.
## Prompt and cooldown baseline
Current behavior that later refactor work must preserve:
- The default Claude keychain prompt mode is `onlyOnUserAction`.
- Prompt policy is only applicable when the Claude OAuth read strategy is `securityFramework`.
- User-initiated interaction clears a prior Claude keychain cooldown denial before retrying availability or repair.
- Startup bootstrap prompting is allowed only when all of these are true:
- runtime is app,
- interaction is background,
- refresh phase is startup,
- prompt mode is `onlyOnUserAction`,
- no cached Claude credentials exist.
- Background delegated refresh is blocked when prompt policy is `onlyOnUserAction` and the caller did not explicitly
allow background delegated refresh.
- Prompt mode `never` blocks delegated refresh attempts.
- Expired credential owner behavior remains owner-specific:
- `.claudeCLI`: delegated refresh path,
- `.codexbar`: direct refresh path,
- `.environment`: no auto-refresh.
## Token-account routing baseline
Accepted Claude token-account input shapes today:
- raw OAuth access token with `sk-ant-oat...` prefix,
- `Bearer sk-ant-oat...` input,
- raw session key,
- full cookie header.
Current routing rules:
- OAuth-token-shaped inputs are not treated as cookies.
- Cookie/header-shaped inputs are any value that already contains `Cookie:` or `=`.
- App-side Claude snapshot behavior:
- OAuth token account keeps the usage source setting as-is, disables cookie mode (`.off`), clears the manual cookie
header, and relies on environment-token injection.
- Session-key or cookie-header account keeps the usage source setting as-is, forces manual cookie mode, and
normalizes raw session keys into `sessionKey=<value>`.
- CLI-side Claude token-account behavior:
- OAuth token account changes the effective source mode from `auto` to `oauth`, disables cookie mode, omits a
manual cookie header, and injects `CODEXBAR_CLAUDE_OAUTH_TOKEN`.
- Session-key or cookie-header account stays in cookie/manual mode.
## Siloing and web-enrichment baseline
Claude Web enrichment is cost-only when the primary source is OAuth or CLI:
- Web extras may populate `providerCost` when it is missing.
- Web extras must not replace `accountEmail`, `accountOrganization`, or `loginMethod` from the primary source.
- Snapshot identity remains provider-scoped to Claude.
This behavior is implemented in `Sources/CodexBarCore/Providers/Claude/ClaudeUsageFetcher.swift`
inside `applyWebExtrasIfNeeded`.
## Documentation contract
- [docs/claude.md](../claude.md) is the summary doc for contributors who want an overview.
- This file is the exact current-state baseline for contributor and refactor parity work.
- [claude-provider-vnext-locked.md](claude-provider-vnext-locked.md)
is the future refactor plan and should cite this file for present behavior.
## Characterization coverage
Stable automated coverage for this baseline lives in:
- `Tests/CodexBarTests/ClaudeBaselineCharacterizationTests.swift`
- `Tests/CodexBarTests/ClaudeOAuthFetchStrategyAvailabilityTests.swift`
- `Tests/CodexBarTests/ClaudeUsageTests.swift`
- `Tests/CodexBarTests/TokenAccountEnvironmentPrecedenceTests.swift`
- `Tests/CodexBarTests/SettingsStoreCoverageTests.swift`
`ClaudeUsageTests.swift` now directly characterizes the reachable `ClaudeUsageFetcher(.auto)` branches for:
- OAuth when OAuth, Web, and CLI all appear available,
- Web before CLI when OAuth is unavailable,
The successful CLI-selected branch and the CLI-failure-to-OAuth fallback remain documented from code inspection plus
surrounding Claude probe/regression coverage, because the current CLI-availability decision is sourced from process-wide
binary discovery with no stable test seam that would keep RAT-107 in scope.