# Provider integration and account-safety audit

Audit date: 2026-07-10  
Review type: independent read-only implementation and policy review

## Executive finding

The previous Claude Plan connector was not safe to ship. It invoked the installed
Claude Code CLI and attempted to isolate it with `CLAUDE_CONFIG_DIR`; on macOS,
Claude Code stores credentials in the encrypted macOS Keychain, so a clean config
directory is not a vendor-documented account boundary. A local comparison also
showed that the tracker profile and the global Claude CLI resolved the same identity.
Because Nimbalyst runs Claude Code sessions, tracker login/logout could collide with
the identity used by Nimbalyst.

This release removes the Claude Code login/logout/status connector entirely. Claude,
Gemini, and Grok are now manual/reference-only. Opening a provider page is clearly
described as a reference link; it does not authenticate, import an account, or create
a live usage connection. OpenAI Platform is the only live connector and uses its
documented API endpoints with an operator-supplied API key.

## Integration matrix

| Provider | Current integration | Data sent | Account-impact risk | Decision |
| --- | --- | --- | --- | --- |
| OpenAI Platform | Official organization usage, cost, project, and rate-limit GET endpoints with a key held in macOS Keychain | Query filters and bearer credential; no prompts/content | Medium: organization Admin keys are broad and must be dedicated and rotated | Keep, with explicit key-scope and rotation guidance |
| Claude consumer subscription | Manual tracking plus an informational link to `claude.ai`; no Claude CLI invocation | None | Low in this build; no Keychain/session mutation and no private-page polling | Keep manual-only until Anthropic provides a vendor-supported usage connector |
| Google Gemini | Manual tracking plus an informational link to `gemini.google.com` | None | Low; no OAuth client, token, or quota endpoint is configured | Do not automate until a first-party OAuth client/scopes are configured |
| xAI/Grok | Manual tracking plus an informational link to `grok.com` | None | Low; no API key or management client is configured | Do not automate until an approved API/OAuth flow is implemented |

## Terms and policy posture

Anthropic's [Consumer Terms](https://www.anthropic.com/legal/consumer-terms)
prohibit account sharing, crawling/scraping, and automated or non-human access except
where explicitly permitted. Its [Claude Code authentication documentation](https://code.claude.com/docs/en/authentication)
states that macOS credentials are stored in the encrypted macOS Keychain; the
documentation for relocating `CLAUDE_CONFIG_DIR` applies to Linux and Windows, not
as a guaranteed macOS account boundary. The tracker therefore does not scrape
`claude.ai`, replay cookies, extract session tokens, or invoke Claude Code login/logout.

OpenAI's [API authentication documentation](https://platform.openai.com/docs/api-reference/backward-compatibility?lang=ruby)
defines API-key/Bearer authentication for the platform. The tracker uses only the
documented organization usage/cost/project endpoints and never reuses ChatGPT
consumer cookies or sessions.

Google's [Gemini OAuth documentation](https://ai.google.dev/gemini-api/docs/oauth)
requires a configured desktop OAuth client and scopes. xAI's [direct inference
documentation](https://docs.x.ai/developers/rest-api-reference/inference) uses API
keys. The tracker does not claim that a browser visit is an OAuth connection for
either provider.

This architecture avoids behaviors that provider policies commonly flag: no private
website scraping, no cookie/session-token extraction, no credential sharing, and no
background polling of consumer quota pages. No implementation can guarantee a
provider's enforcement decision, so the provider's terms and approved API/OAuth
flows remain the source of truth.

## Recovery for the affected Nimbalyst connection

1. Do not use an older tracker build's Claude Plan Authenticate or Logout action.
2. In Nimbalyst or Claude Code, sign back into the intended Claude account using
   that app's own UI. This is a user approval step; the tracker must not perform it.
3. Replace the old tracker archive with this release. Claude tracking should be
   configured as Manual until a supported provider connector is available.
4. If a credential was ever exposed outside the provider's secure UI, revoke/rotate
   it in the provider console. Deleting a local file does not revoke a bearer key.

## Release gate

- No provider browser cookies are read.
- No hidden session token is copied into SwiftData, the app Keychain, logs, or URLs.
- The app never invokes the Claude Code CLI or mutates Claude Code/Nimbalyst login state.
- OpenAI network calls are limited to official API endpoints and require an explicit key.
- Gemini and xAI browser buttons are reference links, not authentication claims.
- Consumer subscription usage is shown as unavailable unless a provider-supported feed exists.
- Any future consumer connector requires vendor-documented OAuth/API boundaries, a
  two-account login/logout regression test on macOS, and an updated independent audit.
