Replace OneCLI gateway with the built-in credential proxy. For users who want simple .env-based credential management without installing OneCLI. Reads API key or OAuth token from .env and injects into container API requests.
This skill replaces the OneCLI gateway with NanoClaw's built-in credential proxy. Containers get credentials injected via a local HTTP proxy that reads from .env — no external services needed.
Check if src/credential-proxy.ts is imported in src/index.ts:
grep "credential-proxy" src/index.ts
If it shows an import for startCredentialProxy, the native proxy is already active. Skip to Phase 3 (Setup).
grep "@onecli-sh/sdk" package.json
If @onecli-sh/sdk appears, OneCLI is the active credential provider. Proceed with Phase 2 to replace it.
If neither check matches, you may be on an older version. Run /update-nanoclaw first, then retry.
git remote -v
If upstream is missing, add it:
git remote add upstream https://github.com/qwibitai/nanoclaw.git
git fetch upstream skill/native-credential-proxy
git merge upstream/skill/native-credential-proxy || {
git checkout --theirs package-lock.json
git add package-lock.json
git merge --continue
}
This merges in:
src/credential-proxy.ts and src/credential-proxy.test.ts (the proxy implementation)src/index.ts, src/container-runner.ts, src/container-runtime.ts, src/config.ts@onecli-sh/sdk dependencyCREDENTIAL_PROXY_PORT config (default 3001).env-based credential instructionsIf the merge reports conflicts beyond package-lock.json, resolve them by reading the conflicted files and understanding the intent of both sides.
Replace the OneCLI auth reference with the native proxy:
In groups/main/CLAUDE.md, replace:
OneCLI manages credentials (including Anthropic auth) — run
onecli --help.