credentials

package

v0.1.0 Latest Latest Go to latest Published: Feb 24, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/vinayprograms/agentkit

Links

Open Source Insights

Documentation ¶

Overview ¶

Claude CLI credential discovery. Reads OAuth tokens from Claude CLI's credential store.

Package credentials loads API keys and OAuth tokens from standard locations.

Index ¶

Variables
func ClaudeCliCredentialsPath() string
func DefaultPath() string
func HasClaudeCliCredentials() bool
func StandardPaths() []string
type Credential
type Credentials
- func Load() (*Credentials, string, error)
- func LoadFile(path string) (*Credentials, error)
type OAuthToken
- func ReadClaudeCliCredentials() *OAuthToken
- func (t *OAuthToken) IsExpired() bool
- func (t *OAuthToken) IsValid() bool
type ProviderCreds

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrInsecurePermissions = fmt.Errorf("credentials file has insecure permissions")

ErrInsecurePermissions is returned when credentials file has overly permissive permissions.

View Source

var ErrTokenExpired = fmt.Errorf("oauth token expired")

ErrTokenExpired is returned when an OAuth token has expired and no refresh token is available.

Functions ¶

func ClaudeCliCredentialsPath ¶

func ClaudeCliCredentialsPath() string

ClaudeCliCredentialsPath returns the path to Claude CLI's credentials file.

func DefaultPath ¶

func DefaultPath() string

DefaultPath returns the default credentials file path (~/.config/grid/credentials.toml)

func HasClaudeCliCredentials ¶

func HasClaudeCliCredentials() bool

HasClaudeCliCredentials returns true if valid Claude CLI credentials exist.

func StandardPaths ¶

func StandardPaths() []string

StandardPaths returns the standard credential file locations in order of priority

Types ¶

type Credential ¶

type Credential struct {
	Key          string // The API key or access token
	IsOAuthToken bool   // True if Key is an OAuth access token (needs Bearer auth)
}

Credential holds a resolved credential (API key or OAuth token).

type Credentials ¶

type Credentials struct {
	// LLM is the generic LLM API key (used when provider-specific key not found)
	LLM *ProviderCreds `toml:"llm"`
	// contains filtered or unexported fields
}

Credentials holds API keys and OAuth tokens loaded from credentials.toml Uses a generic map to support any provider without hardcoding.

func Load ¶

func Load() (*Credentials, string, error)

Load loads credentials from the first available standard location. Returns an error if a credentials file exists but has insecure permissions.

func LoadFile ¶

func LoadFile(path string) (*Credentials, error)

LoadFile loads credentials from a specific file. Returns ErrInsecurePermissions if file is readable by group or others.

func (*Credentials) GetAPIKey ¶

func (c *Credentials) GetAPIKey(provider string) string

GetAPIKey returns the API key or OAuth access token for a provider. For type-aware credential handling, use GetCredential instead. Priority: Claude CLI (for anthropic) > [provider.oauth] > [provider].api_key > [llm].api_key > env var

func (*Credentials) GetCredential ¶

func (c *Credentials) GetCredential(provider string) Credential

GetCredential returns the credential for a provider with type information. Priority: Claude CLI (for anthropic) > [provider.oauth] > [provider].api_key > [llm].api_key > env var

func (*Credentials) GetOAuthToken ¶

func (c *Credentials) GetOAuthToken(provider string) *OAuthToken

GetOAuthToken returns the OAuth token for a provider, if any.

func (*Credentials) HasValidOAuthToken ¶

func (c *Credentials) HasValidOAuthToken(provider string) bool

HasValidOAuthToken returns true if the provider has a valid (non-expired) OAuth token.

func (*Credentials) NeedsRefresh ¶

func (c *Credentials) NeedsRefresh(provider string) bool

NeedsRefresh returns true if the provider has an OAuth token that needs refreshing.

func (*Credentials) Save ¶

func (c *Credentials) Save() error

Save writes the credentials back to the source file (or default path).

func (*Credentials) SaveFile ¶

func (c *Credentials) SaveFile(path string) error

SaveFile writes credentials to a specific file.

func (*Credentials) SetAPIKey ¶

func (c *Credentials) SetAPIKey(provider, apiKey string)

SetAPIKey stores or updates an API key for a provider.

func (*Credentials) SetOAuthToken ¶

func (c *Credentials) SetOAuthToken(provider string, token *OAuthToken)

SetOAuthToken stores or updates an OAuth token for a provider.

type OAuthToken ¶

type OAuthToken struct {
	AccessToken  string    `toml:"access_token"`
	RefreshToken string    `toml:"refresh_token,omitempty"`
	ExpiresAt    time.Time `toml:"expires_at,omitempty"`
	ClientID     string    `toml:"client_id,omitempty"`
	Scopes       []string  `toml:"scopes,omitempty"`
}

OAuthToken holds OAuth2 token credentials for a provider

func ReadClaudeCliCredentials ¶

func ReadClaudeCliCredentials() *OAuthToken

ReadClaudeCliCredentials reads OAuth credentials from Claude CLI's credential store. Returns nil if credentials file doesn't exist or can't be parsed.

func (*OAuthToken) IsExpired ¶

func (t *OAuthToken) IsExpired() bool

IsExpired returns true if the token has expired or will expire within the buffer period.

func (*OAuthToken) IsValid ¶

func (t *OAuthToken) IsValid() bool

IsValid returns true if the token exists and is not expired.

type ProviderCreds ¶

type ProviderCreds struct {
	APIKey string `toml:"api_key"`
}

ProviderCreds holds credentials for a single provider

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL