From f1c93b81d1769511695c2e3e6b3e715d250ddd6f Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Fri, 20 Feb 2026 09:24:54 -0500 Subject: [PATCH] fix: require ANTHROPIC_API_KEY for Claude Code auth in VNC container MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Browser-based OAuth login does not work inside the VNC session because the OAuth redirect callback cannot reach back into the container. The solution is to set ANTHROPIC_API_KEY in the Kubernetes secret — when this env var is present, Claude Code skips browser auth entirely. Changes: - init-repo.sh: warn clearly at startup if ANTHROPIC_API_KEY is unset - values.yaml: document ANTHROPIC_API_KEY in the envSecretName comment - VARIABLES.md: add ANTHROPIC_API_KEY entry and update secret template Co-Authored-By: Claude Sonnet 4.6 --- VARIABLES.md | 16 +++++++++++++--- chart/values.yaml | 7 +++++-- scripts/init-repo.sh | 7 +++++++ 3 files changed, 25 insertions(+), 5 deletions(-) diff --git a/VARIABLES.md b/VARIABLES.md index 554d4b6..7614e48 100644 --- a/VARIABLES.md +++ b/VARIABLES.md @@ -59,9 +59,18 @@ These MUST be configured before deployment: - **Format:** `ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx` - **Scopes:** `repo` +### Anthropic API Key +- **Variable:** `ANTHROPIC_API_KEY` +- **File:** Kubernetes Secret (referenced by `envSecretName`) +- **Type:** String (Anthropic API key) +- **Description:** API key for Claude Code / Happy Coder authentication. Browser-based OAuth login does not work inside the VNC session, so this key is **required** for Happy Coder to function. +- **Required:** Yes (for Happy Coder / Claude Code) +- **Format:** `sk-ant-api03-...` +- **How to get:** https://console.anthropic.com/settings/keys + ### VNC Password - **Variable:** `vnc-password` -- **File:** Sealed Secret +- **File:** Kubernetes Secret (referenced by `envSecretName`) - **Type:** String - **Description:** Password for VNC web interface - **Required:** Recommended for security @@ -286,8 +295,9 @@ hostnames: ### With Secrets ```bash kubectl create secret generic antigravity-secrets \ - --from-literal=github-token='CHANGE_ME' \ - --from-literal=vnc-password='CHANGE_ME' \ + --from-literal=GITHUB_TOKEN='CHANGE_ME' \ + --from-literal=VNC_PASSWORD='CHANGE_ME' \ + --from-literal=ANTHROPIC_API_KEY='sk-ant-api03-...' \ --dry-run=client -o yaml | \ kubeseal --format=yaml > k8s/sealedsecrets.yaml ``` diff --git a/chart/values.yaml b/chart/values.yaml index 37627ee..58d9929 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -38,6 +38,9 @@ resources: memory: "8Gi" cpu: "4000m" -# Name of existing Secret containing env vars (GITHUB_TOKEN, VNC_PASSWORD, etc.) -# Defaults to: devcontainer-{name}-secrets-env +# Name of existing Secret containing env vars. Defaults to: devcontainer-{name}-secrets-env +# Recognized keys: +# GITHUB_TOKEN — PAT for private repo access +# VNC_PASSWORD — password for the VNC web UI +# ANTHROPIC_API_KEY — required for Claude Code / Happy Coder auth (browser login won't work in VNC) envSecretName: "" diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh index 6a707a0..59bc873 100644 --- a/scripts/init-repo.sh +++ b/scripts/init-repo.sh @@ -59,6 +59,13 @@ chown -R "$RUN_UID:$RUN_GID" "$WORKSPACE_DIR" mkdir -p "$HOME" chown "$RUN_UID:$RUN_GID" "$HOME" +# Warn if ANTHROPIC_API_KEY is not set — browser-based Claude login won't work in VNC +if [ -z "$ANTHROPIC_API_KEY" ]; then + echo "WARNING: ANTHROPIC_API_KEY is not set." + echo " Claude Code cannot authenticate via browser inside this container." + echo " Add ANTHROPIC_API_KEY to your Kubernetes secret to enable Happy Coder." +fi + # Start Happy Coder daemon echo "Starting Happy Coder..." cd "$WORKSPACE_DIR"