Auth Guard
VerifiedStandardize API credential handling and startup auth checks to prevent "missing key" regressions across sessions. Use when an agent repeatedly loses auth sta...
$ Add to .claude/skills/ About This Skill
# Auth Guard
Enforce a deterministic auth path: one credential source, one helper command path, one startup check, one fallback policy.
Quick Workflow
- Identify the target service endpoint and current failing flow.
- Define canonical credential source (env var first, credentials file second).
- Create/update a helper script in workspace (`.pi/`) that always injects auth.
- Add a startup/auth-check command that verifies credentials and endpoint access.
- Update HEARTBEAT.md or AGENTS.md to require helper usage (ban raw unauthenticated calls).
- Add explicit fallback behavior for unauthorized states.
Rules to Apply
- Prefer `ENV_VAR` override, then `~/.config/<service>/credentials.json`.
- Never embed secrets in logs, memory notes, or chat responses.
- Never call protected endpoints via raw curl if a helper exists.
- Keep fallback behavior explicit and low-noise.
- Store helper scripts in `workspace/.pi/` for easy reuse.
Runtime Requirements
- `bash`
- `curl`
- `python3`
Check once before using this skill:
```bash command -v bash curl python3 >/dev/null ```
Safety Limits
- Pass only trusted credential paths under `~/.config/<service>/...` by default.
- Do not point `--cred-file` at arbitrary workspace files or unrelated secret stores.
- Keep probe URLs scoped to the target service auth endpoint.
Startup Auth Check Pattern
Run at session start (or before heartbeat loops):
```bash bash skills/auth-guard/scripts/auth_check.sh \ --service moltbook \ --url 'https://www.moltbook.com/api/v1/feed?sort=new&limit=1' \ --env-var MOLTBOOK_API_KEY \ --cred-file "$HOME/.config/moltbook/credentials.json" ```
- Expected outcomes:
- `AUTH_OK` → proceed with normal authenticated helper flow.
- `AUTH_MISSING` or `AUTH_FAIL_*` → use defined fallback path and record one concise note.
Reusable Snippets
- Use drop-in policy snippets from:
- `references/snippets.md` (HEARTBEAT + AGENTS + helper policy blocks)
References
- `references/contract.md` for the full Keychain Contract pattern
- `references/snippets.md` for ready-to-paste operational snippets
- `references/examples.md` for multi-service usage examples (Moltbook, GitHub, Slack)
Use Cases
- Standardize credential handling across multiple API services to prevent auth regressions
- Run startup authentication checks before an agent begins its main workflow
- Create reusable helper scripts that inject credentials consistently for protected endpoints
- Define explicit fallback policies when API keys are missing or expired
- Enforce a single canonical credential source (env var or config file) across sessions
Pros & Cons
Pros
- +Prevents the common problem of agents losing auth state between sessions
- +Clear hierarchy (env var > credential file) eliminates ambiguity in credential sourcing
- +Includes ready-to-paste policy snippets for HEARTBEAT.md and AGENTS.md integration
Cons
- -Requires manual setup of helper scripts and credential files before first use
- -Focused on bash/curl-based workflows — less useful for SDK-based API integrations
- -Only verifies that credentials exist and endpoints respond — does not validate permission scopes
FAQ
What does Auth Guard do?
What platforms support Auth Guard?
What are the use cases for Auth Guard?
100+ free AI tools
Writing, PDF, image, and developer tools — all in your browser.
Next Step
Use the skill detail page to evaluate fit and install steps. For a direct browser workflow, move into a focused tool route instead of staying in broader support surfaces.