Daemon re-auth notification fires immediately on transient token-refresh blips, no grace period

Open 💬 0 comments Opened Jul 2, 2026 by larskluge

Describe the bug

The background daemon (claude daemon run, used for background Task-tool workers, claude agents, and scheduled cron routines) posts a macOS notification the instant its proactive OAuth token refresh fails and no cached token is found:

osascript -e 'display notification "Your Claude assistant needs re-authentication" with title "Claude"'

This fires immediately, with no grace period, even though the daemon then polls the keychain every 30s and frequently recovers on its own within minutes — no claude auth login ever required. In one observed case the failure self-resolved in ~48 minutes via "token found via keychain re-check" with zero user action needed, but the notification had already fired at the first failed attempt.

Separately: clicking the notification opens Script Editor's generic "Open" file dialog instead of anything actionable, because the notification is delivered via osascript (which attributes it to Script Editor's app identity) rather than a proper app-owned notification. This also means the only way to silence it at the OS level is to mute all "Script Editor" notifications system-wide, which would also hide a genuine, persistent re-auth failure.

Expected behavior

Either:

  1. Delay the notification until the failure has persisted past a short grace period (e.g. a couple of the 30s keychain re-checks), so transient blips don't page the user, or
  2. Provide a documented setting (settings.json key or env var) to configure/suppress this notification, and/or
  3. Deliver the notification through a proper app identity (not raw osascript) so clicking it does something useful (e.g. surface claude auth login instructions) instead of opening Script Editor's file picker.

Environment

  • macOS (Darwin), Claude Code CLI (native build under ~/.local/share/claude)
  • Relevant daemon.log excerpt:
[supervisor] auth: proactive refresh failed, signalling re-auth required
[supervisor] auth: headless daemon cannot complete OAuth — run `claude auth login` to refresh
[supervisor] auth: no token found, will re-check keychain every 30s
... (48 minutes later, no user action taken) ...
[supervisor] auth: scheduling proactive refresh in 28555s
[supervisor] auth: token found via keychain re-check

Confirmed via claude-code-guide that there is currently no documented settings.json key, env var, or CLI flag to configure or suppress this specific notification.

View original on GitHub ↗