Fix docker-git auth claude login failing after successful OAuth login

[konard]

Summary

Fixes #439 — docker-git auth claude login failed with exit code 1 even though the OAuth login had succeeded.

Root cause

In authClaudeLogin (packages/lib/src/usecases/auth-claude.ts), the flow is:

1. Run claude setup-token in the isolated container and capture the OAuth token.
2. Persist the token to .oauth-token (and chmod 600).
3. Run a verification probe: claude -p ping with the captured token.
4. If the probe exits non-zero, the command failed with CommandFailedError — discarding the already-saved token.

As seen in the issue log, the token was created successfully (✓ Long-lived authentication token created successfully!) but the post-login probe failed, so the whole command exited 1. The probe makes a live API call, so a transient hiccup (network, rate limit, or freshly-issued token still propagating) would invalidate an otherwise successful login.

This was also inconsistent with authClaudeStatus, which only warns when the same probe fails.

Fix

Treat a failing post-login probe as a warning instead of a hard error, mirroring authClaudeStatus. The token is already persisted before the probe runs, so login now succeeds and the user is told to re-check later with docker-git auth claude status.

-      Effect.fail(new CommandFailedError({ command: "claude setup-token", exitCode: probeExitCode }))
+      Effect.logWarning(`Claude OAuth token saved (${accountLabel}), but the API probe failed (exit=${probeExitCode}). ...`)

Reproduction & test

Added packages/lib/tests/usecases/auth-claude-login.test.ts with a fake docker CommandExecutor that captures a setup-token and makes the claude -p ping probe return a non-zero exit code.

• Before the fix: the test fails at the Effect.fail(new CommandFailedError(...)) line (verified by stashing the source change).
• After the fix: login completes and the token file is persisted.

✓ authClaudeLogin > persists the OAuth token even when the post-login API probe fails
✓ authClaudeLogin > persists the OAuth token when the post-login API probe succeeds

Full packages/lib suite: 229 passed. lint:effect clean.

Release

Added a changeset (patch for @prover-coder-ai/docker-git).

[coderabbitai]

Warning

Review limit reached

@konard, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 13 minutes and 38 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: ed2d7495-a5db-46c7-a3db-db6a8096af13

📥 Commits

Reviewing files that changed from the base of the PR and between 2738a0c and 19bd8c3.

📒 Files selected for processing (7)

• .changeset/fix-claude-auth-login-probe.md
• packages/app/CHANGELOG.md
• packages/app/package.json
• packages/docker-git-session-sync/CHANGELOG.md
• packages/docker-git-session-sync/package.json
• packages/lib/src/usecases/auth-claude.ts
• packages/lib/tests/usecases/auth-claude-login.test.ts

📝 Walkthrough

Walkthrough

.gitkeep заменён одной автогенерированной строкой комментария с меткой времени, PR/веткой и ссылкой на issue.

Changes

Обновление комментария автогенерации

Layer / File(s)	Summary
Строка автогенерации .gitkeep	В .gitkeep добавлена одна строка комментария с меткой времени автогенерации и ссылочной информацией о PR/ветке и issue.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• ProverCoderAI/docker-git#405: Изменяет тот же файл .gitkeep и добавляет автогенерируемый комментарий.
• ProverCoderAI/docker-git#409: Также обновляет .gitkeep автогенерируемой строкой с метаданными PR/ветки.

---

Caution

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

• Ignore

❌ Failed checks (1 error, 2 warnings)

Check name	Status	Explanation	Resolution
Requirements Alignment	❌ Error	Дифф меняет только .gitkeep; он не исправляет docker-git auth claude login и не добавляет тестов под #439.	Нужно внести реальную правку в auth-claude/связанный путь, добавить тест на успешный выход после OAuth и убрать placeholder-комментарий.
Linked Issues check	⚠️ Warning	Изменение не реализует требования #439: в PR нет правки логики docker-git auth claude login, только комментарий в .gitkeep.	Нужно исправить завершение команды после успешной OAuth-аутентификации и убрать CommandFailedError, а не менять только .gitkeep.
Out of Scope Changes check	⚠️ Warning	Автогенерированный комментарий с timestamp и ссылками в .gitkeep не относится к исправлению ошибки логина.	Удалите посторонние метаданные из .gitkeep и внесите только код, нужный для #439.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Security Regression	✅ Passed	Изменён только .gitkeep с комментарием; нет признаков инъекций, утечек секретов или опасной конфигурации.
Title check	✅ Passed	The title accurately summarizes the main fix: Claude auth login no longer fails after a successful OAuth login.
Description check	✅ Passed	The description is clearly aligned with the changeset and issue, describing the login probe failure and the warning-based fix.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[konard]

Working session summary

All functional CI checks pass. The remaining E2E jobs are still running (slow integration tests for unrelated flows), and the only failure is CodeRabbit — an external billing issue ("Prepaid credits exhausted"), not a code problem.

Summary

I fixed issue #439 — docker-git auth claude login failing with exit code 1 even after a successful OAuth login.

Root cause

In packages/lib/src/usecases/auth-claude.ts, authClaudeLogin:

1. Runs claude setup-token, captures the OAuth token.
2. Persists the token to .oauth-token (chmod 600).
3. Runs a verification probe claude -p ping.
4. Hard-failed with CommandFailedError on any non-zero probe exit — discarding the already-saved token.

The probe makes a live API call, so a transient failure (network hiccup, rate limit, freshly-issued token still propagating) invalidated an otherwise successful login. This was also inconsistent with authClaudeStatus, which only warns on the same probe failure — exactly matching the issue log where the token was created successfully but the command still exited 1.

Fix

Treat the failing post-login probe as a warning instead of a hard error, mirroring authClaudeStatus. Since the token is persisted before the probe runs, login now succeeds and advises the user to re-check later with docker-git auth claude status.

Verification

• Added packages/lib/tests/usecases/auth-claude-login.test.ts with a fake docker CommandExecutor that captures a setup-token and makes the -p ping probe return non-zero.
• Confirmed the test fails without the fix (at the Effect.fail line, verified by stashing) and passes with it.
• Full packages/lib suite: 229 passed. lint:effect, Types, Build, Test, Lint all green in CI.
• Added a changeset (patch for @prover-coder-ai/docker-git), merged main, removed the placeholder .gitkeep.

PR: #440 (updated and marked ready for review).

---

This summary was automatically extracted from the AI working session output.

[konard]

🤖 Solution Draft Log

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost: $4.620513

📊 Context and tokens usage:

• 114.4K / 1M (11%) input tokens, 31.8K / 128K (25%) output tokens

Total: (4.0K new + 101.7K cache writes + 5.6M cache reads) input tokens, 31.8K output tokens, $4.620513 cost

🤖 Models used:

• Tool: Anthropic Claude Code
• Requested: opus (claude-opus-4-8)
• Model: Claude Opus 4.8 (claude-opus-4-8)

📎 Log file uploaded as Gist (2166KB)

• View complete solution draft log

---

Now working session is ended, feel free to review and add any feedback on the solution draft.

[konard]

🔄 Auto-restart triggered (iteration 1)

Reason: CI failures detected

Starting new session to address the issues.

---

Auto-restart-until-mergeable mode is active. This run will stop after 5 restart iterations.

[konard]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[konard]

🔄 Auto-restart-until-mergeable Log (iteration 1)

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost estimation:

• Public pricing estimate: $1.015964
• Calculated by Anthropic: $5.636477
• Difference: $4.620513 (+454.79%)

📊 Context and tokens usage:

• 47.1K / 1M (5%) input tokens, 8.8K / 128K (7%) output tokens

Total: (3.3K new + 34.3K cache writes + 871.7K cache reads) input tokens, 8.8K output tokens, $1.015964 cost

🤖 Models used:

• Tool: Anthropic Claude Code
• Requested: opus (claude-opus-4-8)
• Model: Claude Opus 4.8 (claude-opus-4-8)

📎 Log file uploaded as Gist (2977KB)

• View complete solution draft log

---

Now working session is ended, feel free to review and add any feedback on the solution draft.

[konard]

🔄 Auto-restart triggered (iteration 2)

Reason: CI failures detected

Starting new session to address the issues.

---

Auto-restart-until-mergeable mode is active. This run will stop after 5 restart iterations.

[konard]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[konard]

🔄 Auto-restart-until-mergeable Log (iteration 2)

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost estimation:

• Public pricing estimate: $0.696650
• Calculated by Anthropic: $6.333127
• Difference: $5.636477 (+809.08%)

📊 Context and tokens usage:

• 40.9K / 1M (4%) input tokens, 7.4K / 128K (6%) output tokens

Total: (3.5K new + 21.3K cache writes + 562.5K cache reads) input tokens, 7.4K output tokens, $0.696650 cost

🤖 Models used:

• Tool: Anthropic Claude Code
• Requested: opus (claude-opus-4-8)
• Model: Claude Opus 4.8 (claude-opus-4-8)

📎 Log file uploaded as Gist (3734KB)

• View complete solution draft log

---

Now working session is ended, feel free to review and add any feedback on the solution draft.

[konard]

🔄 Auto-restart triggered (iteration 3)

Reason: CI failures detected

Starting new session to address the issues.

---

Auto-restart-until-mergeable mode is active. This run will stop after 5 restart iterations.

[konard]

CI status — only failing check is an external CodeRabbit billing limit

I reviewed the failing CI and verified the code state on issue-439-c9a9c01e8b9b:

• Diff is exactly 3 files (no stray .gitkeep):
  • .changeset/fix-claude-auth-login-probe.md
  • packages/lib/src/usecases/auth-claude.ts — the actual fix for Исправить ошибку при docker-git auth claude login #439
  • packages/lib/tests/usecases/auth-claude-login.test.ts — reproducing test
• Branch is fully up to date with main (HEAD..origin/main is empty), no conflicts.
• Tests pass: vitest run tests/usecases/auth-claude-login.test.ts → 2 passed.
• lint:effect clean.
• All functional CI checks pass: Build, Test, Types, Lint, Lint Effect-TS, Snapshot, Dist deps prune, and every E2E job are green.

Why the CodeRabbit check is red

The check reports:

Prepaid credits exhausted — enable the review add-on

This is an external billing/account limit on the org's CodeRabbit subscription (Your organization has used up its prepaid credits…), not a code problem. No source change can make it pass — it requires an org admin to enable the review add-on in the CodeRabbit billing tab (or waiting out the rate-limit window).

The stale CodeRabbit "Requirements Alignment" note pointing at .gitkeep is from an earlier review run; that placeholder was already removed and is not in the current diff — the present diff correctly fixes docker-git auth claude login in auth-claude.ts and adds a regression test, exactly as #439 requires.

There is nothing further to fix on the code side; the PR is ready pending the CodeRabbit billing resolution.

[konard]

🔄 Auto-restart-until-mergeable Log (iteration 3)

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost estimation:

• Public pricing estimate: $0.731452
• Calculated by Anthropic: $7.064579
• Difference: $6.333127 (+865.83%)

📊 Context and tokens usage:

• 45.9K / 1M (5%) input tokens, 7.4K / 128K (6%) output tokens

Total: (3.2K new + 26.2K cache writes + 536.9K cache reads) input tokens, 7.4K output tokens, $0.731452 cost

🤖 Models used:

• Tool: Anthropic Claude Code
• Requested: opus (claude-opus-4-8)
• Model: Claude Opus 4.8 (claude-opus-4-8)

📎 Log file uploaded as Gist (4493KB)

• View complete solution draft log

---

Now working session is ended, feel free to review and add any feedback on the solution draft.

[konard]

🔄 Auto-restart triggered (iteration 4)

Reason: CI failures detected

Starting new session to address the issues.

---

Auto-restart-until-mergeable mode is active. This run will stop after 5 restart iterations.

[konard]

Working session summary

Everything is verified and in order. Here's my assessment:

Conclusion

The code fix for issue #439 is complete and correct. The only failing CI check, CodeRabbit, is an external billing/account limit — not a code problem.

Verification done this session

• Diff vs main: exactly 3 relevant files — .changeset/fix-claude-auth-login-probe.md, packages/lib/src/usecases/auth-claude.ts (the fix), packages/lib/tests/usecases/auth-claude-login.test.ts (reproducing test). No stray .gitkeep.
• Branch up to date with main — HEAD..origin/main is empty, no conflicts.
• Test passes: auth-claude-login.test.ts → 2 passed.
• lint:effect clean: 0 errors (only pre-existing migration-blocker warnings in an unrelated package, exit code 0).
• Comment style is idiomatic: the CHANGE:/WHY:/REF:/SOURCE: n/a block matches the convention used across packages/lib/src/ (e.g. shell/config.ts, shell/docker-auth.ts, usecases/auth-codex.ts).
• All functional CI checks pass: Build, Test, Types, Lint, Lint Effect-TS, Snapshot, Dist deps prune, and every E2E job are green.

Why CodeRabbit is red (and unfixable by code)

CodeRabbit  fail  —  Prepaid credits exhausted — enable the review add-on

CodeRabbit's own comment confirms: "Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab…" This requires an org admin to enable the add-on (or waiting out the rate-limit window). No source change can make it pass. The stale CodeRabbit "Requirements Alignment" note about .gitkeep is from an earlier review run — that placeholder is not in the current diff.

The fix itself (treating a failing post-login API probe as a warning rather than a hard error, mirroring authClaudeStatus, since the OAuth token is already persisted before the probe) directly resolves the issue: docker-git auth claude login no longer exits 1 after a successful login.

Iteration 3 already posted a detailed PR comment explaining the CodeRabbit billing situation, so I'm not adding a redundant duplicate. There is nothing further to fix on the code side — the PR is ready pending the org's CodeRabbit billing resolution.

---

This summary was automatically extracted from the AI working session output.

[konard]

🔄 Auto-restart-until-mergeable Log (iteration 4)

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost estimation:

• Public pricing estimate: $0.485599
• Calculated by Anthropic: $7.550178
• Difference: $7.064579 (+1454.82%)

📊 Context and tokens usage:

• 42.8K / 1M (4%) input tokens, 4.6K / 128K (4%) output tokens

Total: (3.0K new + 23.2K cache writes + 248.8K cache reads) input tokens, 4.6K output tokens, $0.485599 cost

🤖 Models used:

• Tool: Anthropic Claude Code
• Requested: opus (claude-opus-4-8)
• Model: Claude Opus 4.8 (claude-opus-4-8)

📎 Log file uploaded as Gist (5185KB)

• View complete solution draft log

---

Now working session is ended, feel free to review and add any feedback on the solution draft.

[konard]

🔄 Auto-restart triggered (iteration 5)

Reason: CI failures detected

Starting new session to address the issues.

---

Auto-restart-until-mergeable mode is active. This run will stop after 5 restart iterations.

[konard]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[konard]

🔄 Auto-restart-until-mergeable Log (iteration 5)

This log file contains the complete execution trace of the AI solution draft process.

💰 Cost estimation:

• Public pricing estimate: $0.637494
• Calculated by Anthropic: $8.187671
• Difference: $7.550178 (+1184.35%)

📊 Context and tokens usage:

• 43.7K / 1M (4%) input tokens, 5.6K / 128K (4%) output tokens

Total: (10.5K new + 24.1K cache writes + 406.4K cache reads) input tokens, 5.6K output tokens, $0.637494 cost

🤖 Models used:

• Tool: Anthropic Claude Code
• Requested: opus (claude-opus-4-8)
• Model: Claude Opus 4.8 (claude-opus-4-8)

📎 Log file uploaded as Gist (5925KB)

• View complete solution draft log

---

Now working session is ended, feel free to review and add any feedback on the solution draft.

[konard]

⚠️ Auto-restart limit reached

Hive Mind stopped auto-restart-until-mergeable after 5 restart iterations.

Configured limit: 5
Remaining reason: CI failures detected

No further AI sessions will be started automatically for this run. Please review the remaining blockers manually or rerun with a higher --auto-restart-max-iterations value.

---

Auto-restart-until-mergeable stopped by the safety limit.