Docs: Incorrect claim about credential storage (keychain vs file) #1

@gebeer

Summary

Documentation and code comments incorrectly claim credentials are stored in the OS keychain, when they're actually stored in ~/.claude/.credentials.json.

Inconsistency

| Location | Claim | Status |
|---|---|---|
| DESIGN.md:42 | Uses: ~/.claude/credentials.json | ✅ Correct |
| README.md:194 | secure keychain storage | ❌ Incorrect |
| subprocess/manager.ts:245 | OS keychain, not a file | ❌ Incorrect |
| subprocess/manager.ts:251-252 | credentials are stored in the OS keychain | ❌ Incorrect |

Suggested Fix

Update README.md line 194:

-- All authentication handled by Claude CLI's secure keychain storage
++ All authentication handled by Claude CLI (credentials stored in ~/.claude/.credentials.json)
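
Review bot: The path in the added README line, ~/.claude/.credentials.json, is not spelled the same as the one quoted above for DESIGN.md:42 (~/.claude/credentials.json, no leading dot on the file name), which the table marks as correct. Confirm which spelling is right and make README.md and DESIGN.md use the same one, otherwise a reader checking the file on disk will look in the wrong place.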

Update subprocess/manager.ts lines 243-252:

  /**
   * Check if Claude CLI is authenticated
   *
-  * Claude Code stores credentials in the OS keychain, not a file.
+  * Claude Code stores credentials in ~/.claude/.credentials.json.
   * We verify authentication by checking if we can call the CLI successfully.
   * If the CLI is installed, it typically has valid credentials from `claude auth login`.
   */
  export async function verifyAuth(): Promise<{ ok: boolean; error?: string }> {
-   // If Claude CLI is installed and the user has run `claude auth login`,
-   // credentials are stored in the OS keychain and will be used automatically.
+   // If Claude CLI is installed and the user has run `claude auth login`,
+   // credentials are stored in ~/.claude/.credentials.json and will be used automatically.
    // We can't easily check the keychain, so we'll just return true if the CLI exists.
    // Authentication errors will surface when making actual API calls.
    return { ok: true };
  }
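
Review bot: The unchanged comment inside verifyAuth still says "We can't easily check the keychain", which contradicts the two lines changed just above it to name ~/.claude/.credentials.json; reword that line in the same patch. Separately, the doc comment says authentication is verified "by checking if we can call the CLI successfully" and the inline comment says the function returns true "if the CLI exists", but the visible body returns { ok: true } unconditionally. Either add the existence check or change the comments to say that nothing is verified here and that errors only surface on the first API call.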

Why This Matters

Users reviewing the code for security might be misled about where their credentials are stored. While the code itself doesn't access credential files (which is good), accurate documentation helps users make informed security decisions.
