Bug Description
In packages/core/src/clients/claude.ts, the hasExplicitTokens variable is computed using the nullish coalescing operator (??) instead of the logical OR operator (||):
const hasExplicitTokens = Boolean(
process.env.CLAUDE_CODE_OAUTH_TOKEN ?? process.env.CLAUDE_API_KEY
);
The Problem
The ?? operator only falls through to the right-hand side when the left side is null or undefined. It does NOT fall through for an empty string ("").
This means: if a user has CLAUDE_CODE_OAUTH_TOKEN="" (empty string — a common misconfiguration where the variable is set but empty) and a valid CLAUDE_API_KEY, the expression evaluates to Boolean("") = false, so hasExplicitTokens = false.
As a result, Archon incorrectly falls back to global auth mode even though CLAUDE_API_KEY is set and valid.
Expected vs. Actual Behavior
| Env vars |
Expected |
Actual |
CLAUDE_CODE_OAUTH_TOKEN="", CLAUDE_API_KEY="sk-..." |
hasExplicitTokens = true (use explicit token) |
hasExplicitTokens = false (falls to global auth) |
CLAUDE_CODE_OAUTH_TOKEN=undefined, CLAUDE_API_KEY="sk-..." |
hasExplicitTokens = true |
hasExplicitTokens = true ✓ |
Note: The code already warns about empty tokens (emptyTokens check a few lines above), but the downstream logic is still broken because hasExplicitTokens is incorrectly computed.
Fix
Replace ?? with ||:
// Before (buggy):
const hasExplicitTokens = Boolean(
process.env.CLAUDE_CODE_OAUTH_TOKEN ?? process.env.CLAUDE_API_KEY
);
// After (correct):
const hasExplicitTokens = Boolean(
process.env.CLAUDE_CODE_OAUTH_TOKEN || process.env.CLAUDE_API_KEY
);
With ||, an empty string is falsy and falls through to check CLAUDE_API_KEY, which is the intended behavior.
Impact
Users who accidentally set CLAUDE_CODE_OAUTH_TOKEN to an empty string (e.g., in a .env file with CLAUDE_CODE_OAUTH_TOKEN=) and have a valid CLAUDE_API_KEY will experience auth failures because Archon incorrectly routes to global auth instead of using their API key.
File
packages/core/src/clients/claude.ts, line ~112
Bug Description
In
packages/core/src/clients/claude.ts, thehasExplicitTokensvariable is computed using the nullish coalescing operator (??) instead of the logical OR operator (||):The Problem
The
??operator only falls through to the right-hand side when the left side isnullorundefined. It does NOT fall through for an empty string ("").This means: if a user has
CLAUDE_CODE_OAUTH_TOKEN=""(empty string — a common misconfiguration where the variable is set but empty) and a validCLAUDE_API_KEY, the expression evaluates toBoolean("") = false, sohasExplicitTokens = false.As a result, Archon incorrectly falls back to global auth mode even though
CLAUDE_API_KEYis set and valid.Expected vs. Actual Behavior
CLAUDE_CODE_OAUTH_TOKEN="",CLAUDE_API_KEY="sk-..."hasExplicitTokens = true(use explicit token)hasExplicitTokens = false(falls to global auth)CLAUDE_CODE_OAUTH_TOKEN=undefined,CLAUDE_API_KEY="sk-..."hasExplicitTokens = truehasExplicitTokens = true✓Note: The code already warns about empty tokens (
emptyTokenscheck a few lines above), but the downstream logic is still broken becausehasExplicitTokensis incorrectly computed.Fix
Replace
??with||:With
||, an empty string is falsy and falls through to checkCLAUDE_API_KEY, which is the intended behavior.Impact
Users who accidentally set
CLAUDE_CODE_OAUTH_TOKENto an empty string (e.g., in a.envfile withCLAUDE_CODE_OAUTH_TOKEN=) and have a validCLAUDE_API_KEYwill experience auth failures because Archon incorrectly routes to global auth instead of using their API key.File
packages/core/src/clients/claude.ts, line ~112