Daemon re-auth notification fires immediately on transient token-refresh blips, no grace period
Describe the bug
The background daemon (claude daemon run, used for background Task-tool workers, claude agents, and scheduled cron routines) posts a macOS notification the instant its proactive OAuth token refresh fails and no cached token is found:
osascript -e 'display notification "Your Claude assistant needs re-authentication" with title "Claude"'
This fires immediately, with no grace period, even though the daemon then polls the keychain every 30s and frequently recovers on its own within minutes — no claude auth login ever required. In one observed case the failure self-resolved in ~48 minutes via "token found via keychain re-check" with zero user action needed, but the notification had already fired at the first failed attempt.
Separately: clicking the notification opens Script Editor's generic "Open" file dialog instead of anything actionable, because the notification is delivered via osascript (which attributes it to Script Editor's app identity) rather than a proper app-owned notification. This also means the only way to silence it at the OS level is to mute all "Script Editor" notifications system-wide, which would also hide a genuine, persistent re-auth failure.
Expected behavior
Either:
- Delay the notification until the failure has persisted past a short grace period (e.g. a couple of the 30s keychain re-checks), so transient blips don't page the user, or
- Provide a documented setting (settings.json key or env var) to configure/suppress this notification, and/or
- Deliver the notification through a proper app identity (not raw
osascript) so clicking it does something useful (e.g. surfaceclaude auth logininstructions) instead of opening Script Editor's file picker.
Environment
- macOS (Darwin), Claude Code CLI (native build under
~/.local/share/claude) - Relevant daemon.log excerpt:
[supervisor] auth: proactive refresh failed, signalling re-auth required
[supervisor] auth: headless daemon cannot complete OAuth — run `claude auth login` to refresh
[supervisor] auth: no token found, will re-check keychain every 30s
... (48 minutes later, no user action taken) ...
[supervisor] auth: scheduling proactive refresh in 28555s
[supervisor] auth: token found via keychain re-check
Confirmed via claude-code-guide that there is currently no documented settings.json key, env var, or CLI flag to configure or suppress this specific notification.