charles/claude-hooks
1
0
Fork 0
Code Issues 10 Pull requests Projects Releases Packages 1 Wiki Activity Actions

Bind-mount credentials directory, not file (survive claude login without container restart) #57

New issue
Closed
opened 2026-04-18 17:33:45 +00:00 by claude-desktop · 0 comments
claude-desktop commented 2026-04-18 17:33:45 +00:00
Collaborator
Copy link

User story

As a maintainer, I want agent containers to pick up refreshed Claude OAuth credentials without a restart, so that every claude login on the host doesn't silently break every running agent container for the next 8 h.

Context

Seen on #56 today. Sequence of events:

  1. Containers boot; Docker bind-mounts ~/.config/claude-hooks/claude-credentials/.credentials.json into /home/claude/.config/claude-code/.credentials.json. The mount binds to the inode at that path.
  2. 8 h later the host-side OAuth access token expires.
  3. claude login (or any refresh path that writes .new + rename) replaces the host file with a new inode.
  4. The container's bind-mount still points to the original inode (now nlink=0 but kept alive because the container has it mounted). Container sees stale, expired token forever.
  5. Tasks fail with HTTP 401 · authentication_error until the container is restarted.

We worked around it today by docker restart-ing boss/dev/reviewer. We also set up a systemd path unit (~/.config/systemd/user/claude-creds-mirror.{path,service}) that does cat src > dst to preserve the inode on the mirror file — that helps when the host-side mirror is in-place-rewritten, but it cannot rescue us when claude login itself atomic-renames the source file upstream of the mirror.

The root cause is: bind-mounting a file is bind-mounting an inode. Bind-mounting the containing directory sees path-level changes.

Acceptance criteria

Container config

  • config/agents.json container spec takes a directory path (credentials_host_dir) instead of / alongside credentials_host_path, and the runtime mounts that directory read-only at /home/claude/.config/claude-code/ (or wherever the SDK expects it).
  • The directory ~/.config/claude-hooks/claude-credentials/ contains only .credentials.json (already the case) — no accidental leakage of other secrets.
  • Read-only mount is preserved (no cred writes from inside the container).

Container launcher

  • Update the container-spawn code (src/workers/ or wherever docker run is assembled) to emit --mount type=bind,source=<dir>,target=<dir>,readonly instead of the current file-level mount.
  • Backwards-compat: if only credentials_host_path is set (old config), resolve to its parent dir automatically so nobody has to edit the config for the migration.

Verification

  • After landing, simulate the refresh:
    1. docker inspect $container --format '{{range .Mounts}}{{.Source}} -> {{.Destination}}{{println}}{{end}}' should show the directory.
    2. Rewrite ~/.claude/.credentials.json via any method (atomic rename, in-place, doesn't matter).
    3. Mirror file (~/.config/claude-hooks/claude-credentials/.credentials.json) gets its new inode.
    4. docker exec $container stat -c %i /home/claude/.config/claude-code/.credentials.json now shows the host-current inode — no restart needed.
    5. A dispatched task authenticates with the fresh token.

Tests

  • Unit / integration: a mount-spec builder test that given credentials_host_path emits a directory mount for the parent.
  • Manual smoke test script in scripts/ that rewrites creds on the host, then calls docker exec on each agent container to verify the fresh inode is visible.

Docs

  • CLAUDE.md: note that credentials are directory-mounted, and claude login on the host is picked up automatically by running containers.
  • Update the claude-creds-mirror.service comment in memory / scripts/setup to explain it's no longer strictly required (but still useful so the mirror stays in sync).

Out of scope

  • Writing creds back from the container (SDK auto-refresh path) — still read-only.
  • Moving credentials into a secrets-manager backend (Vault / sops) — that's a separate story.
  • Rotating the refresh token itself — upstream Anthropic concern.

References

  • Debugging session on #56 (where we discovered the inode-orphan behavior and manually docker restart-ed the trio).
  • systemd path unit installed today: ~/.config/systemd/user/claude-creds-mirror.{path,service}.
  • Agent config the mount comes from: config/agents.jsonagents.*.container.credentials_host_path.
  • Memory note: ~/.claude/projects/-home-charles-Workspace-claude-hooks/memory/agents.md.

Dependencies

  • Blocked by: nothing.
  • Blocks: indirectly every long-running agent container survives a claude login without manual intervention; tightens the reliability story for #56 and every future agent type.
  • Branch off: main.
## User story As a **maintainer**, I want agent containers to pick up refreshed Claude OAuth credentials without a restart, so that every `claude login` on the host doesn't silently break every running agent container for the next 8 h. ## Context Seen on #56 today. Sequence of events: 1. Containers boot; Docker bind-mounts `~/.config/claude-hooks/claude-credentials/.credentials.json` into `/home/claude/.config/claude-code/.credentials.json`. The mount binds to the **inode** at that path. 2. 8 h later the host-side OAuth access token expires. 3. `claude login` (or any refresh path that writes `.new` + `rename`) replaces the host file **with a new inode**. 4. The container's bind-mount still points to the original inode (now `nlink=0` but kept alive because the container has it mounted). Container sees stale, expired token forever. 5. Tasks fail with `HTTP 401 · authentication_error` until the container is restarted. We worked around it today by `docker restart`-ing boss/dev/reviewer. We also set up a systemd path unit (`~/.config/systemd/user/claude-creds-mirror.{path,service}`) that does `cat src > dst` to preserve the inode on the mirror file — that helps when the host-side mirror is in-place-rewritten, but it cannot rescue us when `claude login` itself atomic-renames the source file upstream of the mirror. The root cause is: **bind-mounting a file is bind-mounting an inode**. Bind-mounting the containing **directory** sees path-level changes. ## Acceptance criteria ### Container config - [ ] `config/agents.json` container spec takes a **directory** path (`credentials_host_dir`) instead of / alongside `credentials_host_path`, and the runtime mounts that directory read-only at `/home/claude/.config/claude-code/` (or wherever the SDK expects it). - [ ] The directory `~/.config/claude-hooks/claude-credentials/` contains only `.credentials.json` (already the case) — no accidental leakage of other secrets. - [ ] Read-only mount is preserved (no cred writes from inside the container). ### Container launcher - [ ] Update the container-spawn code (`src/workers/` or wherever `docker run` is assembled) to emit `--mount type=bind,source=<dir>,target=<dir>,readonly` instead of the current file-level mount. - [ ] Backwards-compat: if only `credentials_host_path` is set (old config), resolve to its parent dir automatically so nobody has to edit the config for the migration. ### Verification - [ ] After landing, simulate the refresh: 1. `docker inspect $container --format '{{range .Mounts}}{{.Source}} -> {{.Destination}}{{println}}{{end}}'` should show the directory. 2. Rewrite `~/.claude/.credentials.json` via any method (atomic rename, in-place, doesn't matter). 3. Mirror file (`~/.config/claude-hooks/claude-credentials/.credentials.json`) gets its new inode. 4. `docker exec $container stat -c %i /home/claude/.config/claude-code/.credentials.json` now shows the **host-current** inode — no restart needed. 5. A dispatched task authenticates with the fresh token. ### Tests - [ ] Unit / integration: a mount-spec builder test that given `credentials_host_path` emits a directory mount for the parent. - [ ] Manual smoke test script in `scripts/` that rewrites creds on the host, then calls `docker exec` on each agent container to verify the fresh inode is visible. ### Docs - [ ] `CLAUDE.md`: note that credentials are directory-mounted, and `claude login` on the host is picked up automatically by running containers. - [ ] Update the `claude-creds-mirror.service` comment in memory / `scripts/setup` to explain it's no longer strictly required (but still useful so the mirror stays in sync). ## Out of scope - Writing creds back from the container (SDK auto-refresh path) — still read-only. - Moving credentials into a secrets-manager backend (Vault / sops) — that's a separate story. - Rotating the refresh token itself — upstream Anthropic concern. ## References - Debugging session on #56 (where we discovered the inode-orphan behavior and manually `docker restart`-ed the trio). - systemd path unit installed today: `~/.config/systemd/user/claude-creds-mirror.{path,service}`. - Agent config the mount comes from: `config/agents.json` → `agents.*.container.credentials_host_path`. - Memory note: `~/.claude/projects/-home-charles-Workspace-claude-hooks/memory/agents.md`. ## Dependencies - **Blocked by:** nothing. - **Blocks:** indirectly every long-running agent container survives a `claude login` without manual intervention; tightens the reliability story for #56 and every future agent type. - **Branch off:** `main`.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
chore/sync-pre-push-from-forge-base
fix/flows-yaml-dispatch-identity
feat/board-tap-to-assign
dev/1107
code-lead/1106
code-lead/1108
dev/1104
code-lead/1103
code-lead/1080
dev/1087
feat/flows-yaml-ci-events
chore/board-drop-stalled-and-density-controls
fix/flows-yaml-routes-always-register
flows-yaml/api-defaults
dev/1023
fix/event-log-history-bleed
fix/janitor-fix-ci-logs-and-cap
dev/1022
fix/board-card-provider
code-lead/1036
dev/1025
code-lead/1020
dev/1017
code-lead/1026
feat/web-shortcut-registry-1018
dev/1015
code-lead/1009
code-lead/1008
dev/975
dev/969
dev/973
dev/967
code-lead/968
code-lead/953
dev/970
dev/976
code-lead/966
code-lead/956
code-lead/951
dev/962
dev/963
dev/977
dev/955
dev/983
dev/961
dev/974
code-lead/950
code-lead/939
dev/941
dev/940
dev/937
dev/938
dev/936
dev/935
feat/web-i18n-fr-locale
feat/spec-editor-ui-polish
chore/drop-legacy-compat
fix/skills-drop-preview-pane
fix/882-skills-safety-rail
dev/911
dev/909
dev/923
dev/917
dev/915
feat/879-sr11-m2-drop-legacy-skill
code-lead/873
dev/881
code-lead/869
dev/867
code-lead/845
code-lead/843
code-lead/844
dev/837
dev/861
dev/849
code-lead/837
code-lead/842
fix/dedup-rebase-inflight
dev/838
code-lead/847
dev/833
code-lead/848
pr/838
code-lead/841
feat/settings-save-bar/836
code-lead/840
dev/846
code-lead/839
dev/832
fix/board-sse-stale-cache
dev/834
dev/835
feat/settings-breadcrumbs
feat/forge-oauth-credentials
refactor/service-config-consolidation
feat/agent-tokens-to-secrets
feat/gitlab-oauth-to-db
feat/authelia-rip-and-voice-fixes
fix/rebase-storm-and-dead-letter
code-lead/797
code-lead/796
dev/811
code-lead/798
dev/810
code-lead/795
dev/808
code-lead/794
dev/805
dev/802
dev/803
feat/avatar-menu-settings-entry
feat/per-agent-token-tracking
dev/793
dev/747
dev/752
code-lead/790
code-lead/759
dev/756
dev/760
dev/741
dev/767
dev/740
dev/709
dev/644
dev/637
boss/614
dev/600
dev/611
dev/585
fix/login-bonus-fixes
boss/544
dev/542
refactor/api-prefix-and-session-gate
dev/489
boss/531
boss/518
dev/499
boss/516
dev/530
dev/517
dev/519
dev/515
dev/522
dev/503
dev/471
boss/329
dev/417
dev/418
dev/402
boss/327
dev/334
dev/332
boss/326
boss/325
dev/331
boss/324
boss/323
boss/322
dev/294
test/s11-task-analytics
dev/262
boss/270
dev/268
foreman/ui-consolidation-spec
dev/234
boss/196
boss/176
boss/164
fix/124-session-persist-bind
boss/52
dev/87
boss/73
dev/77
dev/81
dev/82
boss/79
dev/42
dev/35
boss/7
No results found.
Labels
Clear labels   
area:agents
Agent types, pool scheduling, per-instance config

  
area:dashboard
Dashboard UI and observability surfaces

  
area:database
DB layer — schema, migrations, ORM, raw SQL

  
area:design
UI/UX mockup work — routes to designer agent

  
area:design-review
Design review dispatch — routes to design-reviewer agent

  
area:flows
Flow runner — YAML loader, executor, op registry, expression eval

  
area:infra
Deployment, isolation, containers, systemd units

  
area:meta
Tracking, scaffolding, project setup

  
area:security
Security — routes to reviewer-security (opus)

  
area:sessions
Session-id store, Claude SDK resume logic

  
area:webhook
Forgejo webhook routing and handlers

  
area:workdir
Clone cache, worktrees, git identity

  
security
Security-sensitive issue

  
type:bug
Bug

  
type:chore
Chore

  
type:meta
Tracking or decisions, not implementation work

  
type:user-story
User story

No labels
area:agents
area:dashboard
area:database
area:design
area:design-review
area:flows
area:infra
area:meta
area:security
area:sessions
area:webhook
area:workdir
security
type:bug
type:chore
type:meta
type:user-story
Milestone
Clear milestone
No items
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
dev
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
charles/claude-hooks#57
No description provided.