Problem
When reattaching to a session from a previous day, Claude Code shows 403 Invalid access token because PAT rotation updates ~/.databrickscfg and DATABRICKS_TOKEN env var but NOT the CLI config files.
All coding agent CLIs store the token as a literal value:
- Claude:
~/.claude/settings.json → env.ANTHROPIC_AUTH_TOKEN
- Codex:
~/.codex/.env → OPENAI_API_KEY=
- OpenCode:
~/.local/share/opencode/auth.json → databricks.api_key
- Gemini:
~/.gemini/.env → GEMINI_API_KEY=
These are only written once via _configure_all_cli_auth() in /api/configure-pat. After 10-min rotation, the literal values are stale.
Fix
Add _update_cli_tokens(token) that swaps the literal token in each config file. Call it from pat_rotator._persist_token() on every rotation.
Related
Problem
When reattaching to a session from a previous day, Claude Code shows
403 Invalid access tokenbecause PAT rotation updates~/.databrickscfgandDATABRICKS_TOKENenv var but NOT the CLI config files.All coding agent CLIs store the token as a literal value:
~/.claude/settings.json→env.ANTHROPIC_AUTH_TOKEN~/.codex/.env→OPENAI_API_KEY=~/.local/share/opencode/auth.json→databricks.api_key~/.gemini/.env→GEMINI_API_KEY=These are only written once via
_configure_all_cli_auth()in/api/configure-pat. After 10-min rotation, the literal values are stale.Fix
Add
_update_cli_tokens(token)that swaps the literal token in each config file. Call it frompat_rotator._persist_token()on every rotation.Related