Skip to content

First-run setup does not recognize Claude/Codex subscription login path #465

Description

@bakabird

Symptom

In the first-run Setup flow, the Runtime Scan table can show Claude Code and Codex as installed while leaving AI access stuck at Login check pending:

Runtime      CLI        AI access
Claude Code  Installed  Login check pending
Codex        Installed  Login check pending
opencode     Installed  Needs AI key
Pi           Missing    CLI not installed

This is confusing for users who already authenticated with claude login / codex login: Setup still says "Connect one runtime to AI access" and the primary CTA remains Add AI credential, implying that an API key is required.

Related Codex context: codex://threads/019f3d7b-63b5-75a1-aefa-69c8d405f16a

Current behavior

The Setup model currently combines two signals:

/api/workspaces/agents  -> CLI binary installed on PATH
Alice vault credentials -> compatible API key exists

It does not probe or consume Claude/Codex local subscription login state. For installed Claude/Codex with no Alice vault key, the UI intentionally renders Login check pending.

Relevant code:

  • ui/src/components/first-run-guide-model.ts: Claude/Codex are marked as login runtimes, but chainReady is only installed && compatibleCredentialCount > 0.
  • ui/src/components/FirstRunGuide.spec.ts: explicitly asserts installed Claude/Codex are not usable until a runtime probe exists.
  • src/webui/routes/workspaces.ts: /api/workspaces/agents only reports PATH binary availability.
  • src/workspaces/agent-credential-readiness.ts: workspace launch readiness separately treats non-loginless agents as runtime-login ready.

Why this matters

There are currently two inconsistent meanings of "ready":

Setup readiness:        requires Alice vault API key
Workspace launch path:  treats Claude/Codex as runtime-login ready

That mismatch makes subscribed Claude/Codex users look blocked even when their runtime can actually launch.

Proposed fix

Pick one of these paths:

  1. Minimal UX fix: when Claude/Codex are installed and no compatible vault key exists, treat them as a usable runtime-login path in Setup and show something like Ready via CLI login or Uses CLI login instead of Login check pending.
  2. Fuller fix: add a real runtime login probe for Claude/Codex, expose it through the agents/readiness API, then render explicit states:
    • Ready via CLI login
    • Run claude login / codex login
    • Login check failed
    • Recheck login

Either way, the first-run CTA should not funnel subscription-login users only toward Add AI credential.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions