Reads %USERPROFILE%\.claude\.credentials.json (or ~/.claude/.credentials.json),
extracts the access and refresh tokens, stores them encrypted in Wraith's vault.
Works when Wraith's own OAuth exchange fails. If Claude Code is authenticated
on the same machine, Wraith piggybacks on the existing token.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Claude Code sends code=true param and requests all 5 scopes:
org:create_api_key user:profile user:inference user:sessions:claude_code
user:mcp_servers. Wraith was only requesting user:inference and missing
the code=true flag, which likely caused the token exchange rejection.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The callback page now shows the real error message instead of a generic
"Failed to exchange" message. Token exchange tries JSON Content-Type first
(matching Claude Code's pattern) with form-encoded fallback. Full response
body logged for debugging.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- OAuth PKCE flow for Max subscription auth (no API key needed)
- Claude API client with SSE streaming (Messages API v1)
- 16 tool definitions: terminal, SFTP, RDP, session management
- Tool dispatch router mapping to existing Wraith services
- Conversation manager with SQLite persistence
- Terminal output ring buffer for AI context
- RDP screenshot encoder (RGBA → JPEG with downscaling)
- Wired into Wails app as AIService
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
