Remove automatic claude token refresh

Author: willwashburn

CHANGELOG.md

@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.7.2] - 2026-01-03
+
+### Removed
+
+- Automatic OAuth token refresh for Claude - was corrupting tokens stored in Keychain
+
 ## [0.7.1] - 2026-01-02
 
 ### Fixed
@@ -99,7 +105,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Standalone binary builds for macOS (arm64 and x64)
 - npm package distribution
 
-[Unreleased]: https://github.com/AgentWorkforce/limit/compare/v0.7.1...HEAD
+[Unreleased]: https://github.com/AgentWorkforce/limit/compare/v0.7.2...HEAD
+[0.7.2]: https://github.com/AgentWorkforce/limit/compare/v0.7.1...v0.7.2
 [0.7.1]: https://github.com/AgentWorkforce/limit/compare/v0.7.0...v0.7.1
 [0.7.0]: https://github.com/AgentWorkforce/limit/compare/v0.6.2...v0.7.0
 [0.6.2]: https://github.com/AgentWorkforce/limit/compare/v0.6.0...v0.6.2

package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-limit",
-  "version": "0.7.1",
+  "version": "0.7.2",
   "description": "Terminal dashboard to monitor Claude Code, Codex, and other agent usage limits",
   "type": "module",
   "main": "src/index.tsx",

src/providers/claude.ts

@@ -1,30 +1,16 @@
 import {
   getClaudeCredentials,
-  refreshClaudeToken,
-  saveClaudeCredentials,
   type ClaudeCredentials,
 } from "../utils/keychain";
 import { timeUntil } from "../utils/time";
 import type { ProviderStatus } from "./types";
 
-const TOKEN_REFRESH_BUFFER_MS = 5 * 60 * 1000;
-
 interface ClaudeUsageResponse {
   five_hour: { utilization: number; resets_at: string | null } | null;
   seven_day: { utilization: number; resets_at: string | null } | null;
   seven_day_opus: { utilization: number; resets_at: string | null } | null;
 }
 
-async function tryRefreshCredentials(
-  credentials: ClaudeCredentials
-): Promise<ClaudeCredentials | null> {
-  const refreshed = await refreshClaudeToken(credentials.refreshToken);
-  if (refreshed) {
-    await saveClaudeCredentials(refreshed);
-  }
-  return refreshed;
-}
-
 async function fetchUsageWithCredentials(
   credentials: ClaudeCredentials
 ): Promise<Response> {
@@ -41,7 +27,7 @@ async function fetchUsageWithCredentials(
 }
 
 export async function fetchClaudeUsage(): Promise<ProviderStatus> {
-  let credentials = await getClaudeCredentials();
+  const credentials = await getClaudeCredentials();
 
   if (!credentials) {
     return {
@@ -52,24 +38,8 @@ export async function fetchClaudeUsage(): Promise<ProviderStatus> {
     };
   }
 
-  const tokenExpiresSoon = credentials.expiresAt < Date.now() + TOKEN_REFRESH_BUFFER_MS;
-  if (tokenExpiresSoon) {
-    const refreshed = await tryRefreshCredentials(credentials);
-    if (refreshed) {
-      credentials = refreshed;
-    }
-  }
-
   try {
-    let response = await fetchUsageWithCredentials(credentials);
-
-    if (response.status === 401) {
-      const refreshed = await tryRefreshCredentials(credentials);
-      if (refreshed) {
-        credentials = refreshed;
-        response = await fetchUsageWithCredentials(credentials);
-      }
-    }
+    const response = await fetchUsageWithCredentials(credentials);
 
     if (!response.ok) {
       if (response.status === 401) {

src/utils/keychain.ts

@@ -1,7 +1,5 @@
 import { $ } from "bun";
 
-const CLAUDE_CLIENT_ID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e";
-const CLAUDE_TOKEN_ENDPOINT = "https://console.anthropic.com/v1/oauth/token";
 const KEYCHAIN_SERVICE = "Claude Code-credentials";
 
 export async function getKeychainCredentials(service: string): Promise<string | null> {
@@ -15,16 +13,6 @@ export async function getKeychainCredentials(service: string): Promise<string |
   }
 }
 
-async function setKeychainCredentials(service: string, data: string): Promise<boolean> {
-  try {
-    await $`security delete-generic-password -s ${service}`.quiet().nothrow();
-    await $`security add-generic-password -s ${service} -w ${data}`.quiet();
-    return true;
-  } catch {
-    return false;
-  }
-}
-
 export interface ClaudeCredentials {
   accessToken: string;
   refreshToken: string;
@@ -45,62 +33,6 @@ export async function getClaudeCredentials(): Promise<ClaudeCredentials | null>
   }
 }
 
-interface TokenRefreshResponse {
-  token_type: string;
-  access_token: string;
-  expires_in: number;
-  refresh_token: string;
-  scope: string;
-}
-
-export async function refreshClaudeToken(
-  refreshToken: string
-): Promise<ClaudeCredentials | null> {
-  try {
-    const response = await fetch(CLAUDE_TOKEN_ENDPOINT, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        grant_type: "refresh_token",
-        refresh_token: refreshToken,
-        client_id: CLAUDE_CLIENT_ID,
-      }),
-    });
-
-    if (!response.ok) {
-      return null;
-    }
-
-    const data: TokenRefreshResponse = await response.json();
-
-    return {
-      accessToken: data.access_token,
-      refreshToken: data.refresh_token,
-      expiresAt: Date.now() + data.expires_in * 1000,
-      scopes: data.scope.split(" "),
-      subscriptionType: "Pro",
-    };
-  } catch {
-    return null;
-  }
-}
-
-export async function saveClaudeCredentials(
-  credentials: ClaudeCredentials
-): Promise<boolean> {
-  try {
-    const raw = await getKeychainCredentials(KEYCHAIN_SERVICE);
-    if (!raw) return false;
-
-    const parsed = JSON.parse(raw);
-    parsed.claudeAiOauth = credentials;
-
-    return await setKeychainCredentials(KEYCHAIN_SERVICE, JSON.stringify(parsed));
-  } catch {
-    return false;
-  }
-}
-
 export interface CodexCredentials {
   accessToken: string;
   accountId: string;