From 945a865bbed3045057e49b166d45330874783066 Mon Sep 17 00:00:00 2001
From: Alexander <alexander0derevianko@gmail.com>
Date: Fri, 10 Apr 2026 14:14:38 +0200
Subject: [PATCH] refactor(config): remove claude_credentials, add default
 credential path

---
 internal/config/config.go | 48 +++++++++++++++++++++++++--------------
 1 file changed, 31 insertions(+), 17 deletions(-)

diff --git a/internal/config/config.go b/internal/config/config.go
index 6f1bc7c..df44d51 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -11,11 +11,10 @@ import (
 )
 
 type Config struct {
-	Port              int            `yaml:"port"`
-	APIKeys           []string       `yaml:"api_keys"`
-	ClaudeCredentials string         `yaml:"claude_credentials"`
-	ClaudeBinary      string         `yaml:"claude_binary"`
-	Sanitize          SanitizeConfig `yaml:"sanitize"`
+	Port         int            `yaml:"port"`
+	APIKeys      []string       `yaml:"api_keys"`
+	ClaudeBinary string         `yaml:"claude_binary"`
+	Sanitize     SanitizeConfig `yaml:"sanitize"`
 }
 
 type SanitizeConfig struct {
@@ -54,25 +53,38 @@ func Load(path string) (*Config, error) {
 		return nil, fmt.Errorf("parse config: %w", err)
 	}
 
+	// Check for deprecated claude_credentials field
+	var rawCfg map[string]interface{}
+	if err := yaml.Unmarshal(data, &rawCfg); err == nil {
+		if _, exists := rawCfg["claude_credentials"]; exists {
+			if val, ok := rawCfg["claude_credentials"].(string); ok && val != "" {
+				return nil, fmt.Errorf("claude_credentials is no longer supported, remove it from config.yaml — the proxy now manages credentials at ~/.claude/.credentials.json")
+			}
+		}
+	}
+
 	return cfg, nil
 }
 
-func LoadCredentials(cfg *Config) ([]*auth.Credential, error) {
-	if cfg.ClaudeCredentials == "" {
-		return nil, fmt.Errorf("claude_credentials not set")
-	}
-
-	cred, err := loadCredentials(cfg.ClaudeCredentials)
+func DefaultCredentialPath() string {
+	home, err := os.UserHomeDir()
 	if err != nil {
-		return nil, err
+		return ""
 	}
-
-	return []*auth.Credential{cred}, nil
+	return home + "/.claude/.credentials.json"
 }
 
-func loadCredentials(path string) (*auth.Credential, error) {
+func LoadDefaultCredentials() ([]*auth.Credential, error) {
+	path := DefaultCredentialPath()
+	if path == "" {
+		return nil, nil
+	}
+
 	data, err := os.ReadFile(path)
 	if err != nil {
+		if os.IsNotExist(err) {
+			return nil, nil
+		}
 		return nil, err
 	}
 
@@ -86,12 +98,14 @@ func loadCredentials(path string) (*auth.Credential, error) {
 		return nil, fmt.Errorf("no access token in %s", path)
 	}
 
-	return &auth.Credential{
+	cred := &auth.Credential{
 		ID:           "claude-native",
 		Email:        oauth.SubscriptionType,
 		AccessToken:  oauth.AccessToken,
 		RefreshToken: oauth.RefreshToken,
 		ExpiresAt:    time.UnixMilli(oauth.ExpiresAt),
 		FilePath:     path,
-	}, nil
+	}
+
+	return []*auth.Credential{cred}, nil
 }