Expand description
Detect which auth strategy the embedded Claude Code CLI will use.
Claude Code resolves auth at invocation time by inspecting a few
environment variables, falling back to credentials stored under
~/.claude/ when none are set. This module mirrors that
precedence as a cheap, sync, env-only check so hosts can introspect
the active mode before spawning a turn.
It is not a liveness check – a reported AuthStrategy::Subscription
only means “no env auth set”; the user might not have run
claude login yet. Use the claude auth status CLI for that.
§Precedence
CLAUDE_CODE_USE_BEDROCKtruthy ->AuthStrategy::BedrockCLAUDE_CODE_USE_VERTEXtruthy ->AuthStrategy::VertexANTHROPIC_API_KEYnon-empty ->AuthStrategy::ApiKeyCLAUDE_CODE_OAUTH_TOKENnon-empty ->AuthStrategy::OauthToken- Otherwise ->
AuthStrategy::Subscription
Cloud-provider strategies (Bedrock, Vertex) take precedence because they redirect ALL traffic regardless of API key presence.
§Example
use claude_wrapper::auth;
let summary = auth::detect();
println!("strategy: {:?}", summary.strategy);
if summary.has_anthropic_api_key {
println!("note: ANTHROPIC_API_KEY is set in the environment");
}Structs§
- Auth
Summary - Snapshot of auth-relevant environment state. Returned by
detectso callers see both the resolved strategy and the raw signals that drove the decision.
Enums§
- Auth
Error Kind - Best-effort classification of an auth-related CLI failure.
- Auth
Strategy - Active auth strategy, as inferred from the host environment.
Functions§
- classify_
failure - Inspect a failed
claudeinvocation and decide whether it looks auth-shaped. ReturnsSome(kind)only when the patterns are confident enough to risk relabeling. - detect
- Detect the active auth strategy from the current process environment. Cheap; no subprocess, no filesystem reads.
- detect_
from - Same as
detectbut reads from a caller-provided env map. Exposed for tests and for hosts that want to introspect a child environment they’re about to spawn under.