feat(assistant): subscription-auth Claude Code via local CLI + MCP bridge#8
Merged
Conversation
…idge Add a parallel agent runtime for CLI-backed providers (Claude Code first; Codex/OpenCode registered as stubs) so users can drive agents through their existing vendor subscriptions instead of paying for API access. CLAI hosts an in-process MCP server that exposes its own tool registry (fs_*, bash_exec, inter-agent, workspace tasks) to the CLI; the CLI's built-in tools are disabled, keeping CLAI's permission gates as the single source of truth. - providers/cli.rs: claude-code/codex/opencode descriptors with SubscriptionLogin auth mode and static model lists - local_mcp.rs: rmcp streamable-http server bound to 127.0.0.1, per-session bearer-token bindings carrying run_id/cancel/notices into tools::router - local_agent.rs: Claude Code driver — stream-json parser, --session-id on first turn / --resume after, --permission-mode bypassPermissions so MCP tools aren't blocked by Claude's headless approval layer, stderr-tail enrichment on failures, orphan-session recovery when --resume reports "no conversation found" - engine.rs: route CLI providers to the new runtime - commands/provider_connections.rs: subscription-login create path, provider_descriptor_models command for static CLI model lists, CLI test-connection probe (`claude auth status --json`) - types.rs / context plumbing: cli_session_id persisted on session context - AssistantProviderSettings.jsx: CLI branch (no API key, auth hint, model select, "CLI binary path" relabel) - AgentFormModal.jsx: "via CLI" badges so users can tell subscription connections apart from API ones - docs/CLI_AGENT_INTEGRATION_RFC.md: design doc covering the architecture, per-CLI specifics, risks, and phased rollout
Scheduled-run trigger messages start with `--- New scheduled run at ... ---` which Claude Code's argv parser treats as an unknown long option, breaking every scheduled CLI run. Stop passing the prompt as a positional arg and pipe it via stdin instead — the parser never sees the content. Also forward-compatible with the long-lived `--input-format stream-json` mode we may add later.
5 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
fs_*,bash_exec, inter-agent calls, workspace tasks) to the CLI; the CLI's built-in tools are disabled, leaving CLAI's permission gates (workspace_permissions,command_splitter, path grants) as the single source of truth.<select>populated from the descriptor, "CLI binary path" relabel, auth-flow hint. Agent picker shows a "via CLI" badge so subscription-backed connections are distinguishable from API ones.docs/CLI_AGENT_INTEGRATION_RFC.md.What's working end-to-end now
--session-idon the first turn /--resume <id>on follow-ups, stderr-tail in failure messages, orphan-session recovery when--resumereports "no conversation found",--permission-mode bypassPermissionsso MCP tools aren't blocked by Claude's headless approval layer.What's stubbed (deferred)
Test plan
cargo fmt+cargo clippy --lib -- -D warnings(pre-push hook) cleancargo test --lib— 301 pass, 1 ignorednpm run build+ ESLint on touched JS filesTestbutton runsclaude auth status --jsonand reports loggedIn state--session-idfirst,--resumeafter)fs_writelands in the agent workspace and shows up in the timeline (--permission-mode bypassPermissionsfix)