AntFleet

Receipt · 6017bf3f-1

Token reassembly from `claude setup-token` can splice in non-token text and write garbage to CLAUDE_CODE_OAUTH_TOKEN

bug · high · closed in 4b9b492 · closed in 46 minutes

repo 6f7fc663 · PR #25 · reviewed 2 days ago · 2 days ago

The finding

  • dashboard/app/api/auth/route.ts:81-108
The first-line push is `tokenChars.push(trimmed)` without filtering — `trimmed` is the entire first line starting at `sk-ant-oat`, which in real `claude setup-token` output is wrapped inside an ANSI/box-drawing TUI and often contains trailing spaces, box characters, or ANSI escape sequences. Because no regex is applied to the first line, ANSI escape bytes and box-drawing glyphs get concatenated into `token`. The resulting `token` is then written to the GitHub secret as the OAuth token, silently corrupting auth. Worse, since `output.indexOf('sk-ant-oat')` only checks existence, even unrelated occurrences (e.g. inside a help string) get accepted. The handler then returns `ok: true` despite the bogus value.

Fix

Strip ANSI escapes first (e.g. `output.replace(/\x1b\[[0-9;]*[A-Za-z]/g, '')`), then extract with a strict regex like `/sk-ant-oat[A-Za-z0-9_-]+/` over the cleaned text, possibly joined across line breaks first by removing all whitespace inside the matched run. Validate length/format before calling `gh secret set` and surface an error otherwise.
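The hardened extraction described above, as an added example rather than the project's own route.ts: ANSI and box-drawing glyphs are stripped before any line is read, the token run is rejoined across TUI wrapping, and the value is validated before anything is handed to `gh secret set`. `SAMPLE_OUTPUT`, the function names and `MIN_TOKEN_LEN` are constructed assumptions.

```typescript
// Added example, not the project's own route.ts: hardened token extraction for
// `claude setup-token` output, following the Fix above. SAMPLE_OUTPUT, the
// function names and MIN_TOKEN_LEN are constructed assumptions.
const ANSI_RE = /\x1b\[[0-9;?]*[ -/]*[@-~]/g;   // CSI escape sequences (colors, cursor moves)
const BOX_RE = /[\u2500-\u259F]/g;               // box-drawing and block glyphs from the TUI
const TOKEN_PREFIX = 'sk-ant-oat';
const TOKEN_RE = /^sk-ant-oat[A-Za-z0-9_-]+$/;  // strict token alphabet, whole string
const TOKEN_CHARS_RE = /^[A-Za-z0-9_-]+$/;       // a wrapped continuation line of the token
const MIN_TOKEN_LEN = 40;                        // assumed lower bound; tune to the real format

// Constructed sample of boxed, ANSI-colored output with the token wrapped over two lines.
const SAMPLE_OUTPUT = [
  '\x1b[1m┌──────────────────────────────┐\x1b[0m',
  '│ Your OAuth token:            │',
  '│ sk-ant-oatAbCdEfGhIjKlMnOp   │',
  '│ QrStUvWxYz0123456789-_abcd   │',
  '└──────────────────────────────┘',
  'Store this token in CLAUDE_CODE_OAUTH_TOKEN.',
].join('\n');

function extractOauthToken(output: string): string | null {
  // 1. Strip terminal decoration before looking at any line.
  const clean = output.replace(ANSI_RE, '').replace(BOX_RE, '');
  const lines = clean.split(/\r?\n/).map((l) => l.trim());
  // 2. Locate the line carrying the prefix; existence alone is not acceptance.
  const start = lines.findIndex((l) => l.includes(TOKEN_PREFIX));
  if (start === -1) return null;
  // 3. Take the run from the prefix up to the first whitespace on that line ...
  let run = lines[start].slice(lines[start].indexOf(TOKEN_PREFIX)).split(/\s+/)[0];
  // ... and append following lines made solely of token characters (TUI wrapping).
  for (let i = start + 1; i < lines.length && TOKEN_CHARS_RE.test(lines[i]); i++) {
    run += lines[i];
  }
  // 4. Validate format and length; help text, dots or leftover glyphs are rejected.
  return TOKEN_RE.test(run) && run.length >= MIN_TOKEN_LEN ? run : null;
}

// Gate the `gh secret set` call on a validated token and surface an error otherwise,
// instead of writing whatever was spliced together and answering ok: true.
function planSecretUpdate(
  output: string,
): { ok: true; ghArgs: string[]; stdin: string } | { ok: false; error: string } {
  const token = extractOauthToken(output);
  if (token === null) {
    return { ok: false, error: 'no well-formed sk-ant-oat token found in setup-token output' };
  }
  // The token value goes to gh on stdin, not argv, so it stays out of process listings.
  return { ok: true, ghArgs: ['secret', 'set', 'CLAUDE_CODE_OAUTH_TOKEN'], stdin: token };
}
```

The continuation loop stops at the first line containing anything outside the token alphabet, so the closing box line or any sentence terminates the run; a single bare word on its own line immediately after the token would still be appended, which is why the length and format check remains the last gate.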

Agent attribution

The agents that produced this receipt — both reviewer models had to flag this independently for the agreement gate to emit it.

anthropic · gpt-5 · 78.0s · error

openai · claude-opus-4-7 · 126.2s · error

Total (wall-clock review time · est. inference cost): 126.2s · $0.40

Sweeper

closed at SHA 4b9b492

closed in 46 minutes

internal review id · 6017bf3f

Third-party witnesses

Everything below lives on GitHub's event log, not ours. Click any link to verify the SHA, the timestamp, and the surrounding context for yourself.
