chore(scripts): add Windows PowerShell OAuth token exporter#42
Merged
Conversation
scripts/export_oauth_token.ps1 mirrors export_oauth_token.sh for
Windows: reads %USERPROFILE%\.claude\.credentials.json (where the
`claude` CLI stores credentials on Windows — there's no Keychain) and
exports $env:CLAUDE_CODE_OAUTH_TOKEN for the current PowerShell
session. Use via dot-source:
. .\scripts\export_oauth_token.ps1
Verified end-to-end: the env var set by this script flows through
`nasde run` into Harbor's ClaudeCode agent
(harbor/agents/installed/claude_code.py:979) and is forwarded into
the sandbox container.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- export_oauth_token.sh: fall back to ~/.claude/.credentials.json on Linux (no Keychain). macOS path unchanged. Validates that fallback may need adjustment if `claude` CLI on Linux uses libsecret instead of plain JSON — flagged for VM testing. - Add export_codex_oauth_token.ps1 and export_gemini_oauth_token.ps1 (Windows equivalents of the existing .sh scripts). - Rewrite "Authentication setup" in nasde-benchmark-runner SKILL.md as per-agent / per-OS tables (macOS, Linux, Windows PS, Windows WSL). Skill now asks the user OAuth-vs-API-key per agent before running. cmd.exe documented as "use PowerShell or WSL". Tested on macOS so far. Ubuntu VM and Windows 11 VM (PowerShell + WSL2) validation pending.
This was referenced May 9, 2026
Merged
szjanikowski
added a commit
that referenced
this pull request
May 9, 2026
* docs(changelog): record Windows compat + skill bundling under [Unreleased] Captures everything that landed since v0.3.2 (PRs #42, #43, #44, #45) so the release notes are queued up. Keeps the section under [Unreleased] deliberately — more fixes are still expected before cutting v0.3.3, and release docs say the version header should be added at release-cut time. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(changelog): record .gitattributes LF enforcement (#47) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs(changelog): record harbor[cloud] dependency switch (#48) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore: release v0.3.3 Cuts v0.3.3 from the accumulated [Unreleased] section. Patch bump (pre-1.0 policy): no breaking changes to user-facing CLI, nasde.toml schema, or benchmark project layout — Windows compat, OAuth-script bundling, harbor[cloud] dep switch are all transparent to users. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Szymon Janikowski <szymon.janikowski@itlibrium.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
scripts/export_oauth_token.ps1, the Windows-side counterpart ofscripts/export_oauth_token.sh.%USERPROFILE%\.claude\.credentials.json(where theclaudeCLI stores credentials on Windows — no Keychain) and exports$env:CLAUDE_CODE_OAUTH_TOKENin the current PowerShell session.. .\scripts\export_oauth_token.ps1Why
Existing
export_oauth_token.shcallssecurity find-generic-password, which only exists on macOS. Windows users had to extract the token manually before runningnasde run.Verification
End-to-end check on Windows 11 + Docker Desktop:
$env:CLAUDE_CODE_OAUTH_TOKEN(108-char token).docker run --rm -e CLAUDE_CODE_OAUTH_TOKEN ubuntu:22.04 ...reproduces the same length inside the container.ClaudeCode.run()reads the var viaos.environ.get("CLAUDE_CODE_OAUTH_TOKEN", "")(harbor/agents/installed/claude_code.py:979) and forwards it toenvironment.exec(env=...), sonasde runinherits it transparently.Test plan
. .\scripts\export_oauth_token.ps1printsOK CLAUDE_CODE_OAUTH_TOKEN exported (sk-ant-oat01-...).$env:CLAUDE_CODE_OAUTH_TOKEN.Lengthreports the current token length.nasde run --variant claude-vanilla -C examples/...from the same PowerShell session uses the subscription token (noANTHROPIC_API_KEYneeded).🤖 Generated with Claude Code