feat(foundry): implement provider credential management (Claude, Codex)

Add credential extraction, injection, and UI for managing Claude and Codex OAuth credentials in sandbox environments. Credentials are stored per-user in the user actor, injected on task owner swap, and periodically re-extracted to capture token refreshes. Frontend account settings show provider sign-in status. Changes: - User actor: new userProviderCredentials table with upsert/get actions - Task workspace: extract/inject provider credentials, integrate with owner swap and polling - App snapshot: include provider credential status (anthropic/openai booleans) - Frontend: new Providers section in account settings Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-04-20 20:01:13 +00:00 · 2026-03-17 02:34:15 -07:00 · 2026-03-17 02:34:15 -07:00 · c1a4895303
commit c1a4895303
parent 3895e34bdb
14 changed files with 481 additions and 11 deletions
--- a/foundry/packages/client/src/backend-client.ts
+++ b/foundry/packages/client/src/backend-client.ts
@ -404,6 +404,7 @@ function signedOutAppSnapshot(): FoundryAppSnapshot {
        skippedAt: null,
      },
    },
+    providerCredentials: { anthropic: false, openai: false },
    users: [],
    organizations: [],
  };
--- a/foundry/packages/client/src/mock-app.ts
+++ b/foundry/packages/client/src/mock-app.ts
@ -96,6 +96,10 @@ export interface MockFoundryAppSnapshot {
      skippedAt: number | null;
    };
  };
+  providerCredentials: {
+    anthropic: boolean;
+    openai: boolean;
+  };
  users: MockFoundryUser[];
  organizations: MockFoundryOrganization[];
 }
@ -229,6 +233,10 @@ function buildDefaultSnapshot(): MockFoundryAppSnapshot {
        skippedAt: null,
      },
    },
+    providerCredentials: {
+      anthropic: false,
+      openai: false,
+    },
    users: [
      {
        id: "user-nathan",
@ -405,6 +413,10 @@ function parseStoredSnapshot(): MockFoundryAppSnapshot | null {
          skippedAt: parsed.onboarding?.starterRepo?.skippedAt ?? null,
        },
      },
+      providerCredentials: {
+        anthropic: parsed.providerCredentials?.anthropic ?? false,
+        openai: parsed.providerCredentials?.openai ?? false,
+      },
      organizations: (parsed.organizations ?? []).map((organization: MockFoundryOrganization & { repoImportStatus?: string }) => ({
        ...organization,
        github: {
--- a/foundry/packages/client/src/mock/backend-client.ts
+++ b/foundry/packages/client/src/mock/backend-client.ts
@ -78,6 +78,7 @@ function unsupportedAppSnapshot(): FoundryAppSnapshot {
        skippedAt: null,
      },
    },
+    providerCredentials: { anthropic: false, openai: false },
    users: [],
    organizations: [],
  };
--- a/foundry/packages/client/src/remote/app-client.ts
+++ b/foundry/packages/client/src/remote/app-client.ts
@ -20,6 +20,7 @@ class RemoteFoundryAppStore implements FoundryAppClient {
        skippedAt: null,
      },
    },
+    providerCredentials: { anthropic: false, openai: false },
    users: [],
    organizations: [],
  };