- token endpoint paths are matched by OAuth capture
- token responses are rewritten to phantoms
- persisted auth files contain only phantom or synthetic JWT-shaped values
- normal agent API calls resolve phantoms only through the admitted proxy route
- denied Keychain or credential-store access does not prevent phantom-backed use
Claude Code
Login capture:configured OAuth capture endpoint provider=claude_codematched OAuth capture endpoint provider=claude_coderewrote OAuth token response fields to phantomsLogin successful.
loaded persisted OAuth phantom mappingsresolved OAuth phantom token for admitted consumer- the command succeeds without granting raw Keychain access
Codex
Device-code login:/api/accounts/deviceauth/tokenis matched during polling/oauth/tokenis matched during token exchangerewrote OAuth token response fields to phantomsSuccessfully logged in
- access and refresh token fields exist as strings
- ID token, if present, is JWT-shaped synthetic content
- no real token material is printed
loaded persisted OAuth phantom mappingsresolved OAuth phantom token for admitted consumer- the command succeeds through the authenticated session