fix: set Claude sessionKey in cookie jar instead of raw header

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

debug_claude.py

@@ -0,0 +1,24 @@
+"""Debug script — tests Claude API connectivity."""
+import os
+from dotenv import load_dotenv
+import requests
+
+load_dotenv()
+key = os.getenv("CLAUDE_SESSION_KEY")
+if not key:
+    print("ERROR: CLAUDE_SESSION_KEY not found in .env")
+    raise SystemExit(1)
+
+s = requests.Session()
+# Test 1: cookie as a jar entry (correct way)
+s.cookies.set("sessionKey", key, domain="claude.ai", path="/")
+s.headers.update({
+    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36",
+    "Referer": "https://claude.ai/",
+    "Accept": "application/json",
+})
+
+print("Calling /api/organizations (cookie jar) ...")
+r = s.get("https://claude.ai/api/organizations", timeout=15)
+print(f"Status: {r.status_code}")
+print(f"Response (first 300 chars): {r.text[:300]}")

src/providers/claude.py

@@ -32,10 +32,10 @@ class ClaudeProvider(BaseProvider):
                     "Run 'python -m src.main auth' to configure it."
                 ),
             )
-        # Set cookie header; never log the key value
+        # Set sessionKey in the cookie jar (not as a raw header string)
+        self._session.cookies.set("sessionKey", key, domain="claude.ai", path="/")
         self._session.headers.update(
             {
-                "Cookie": f"sessionKey={key}",
                 "Referer": "https://claude.ai/",
                 "Origin": "https://claude.ai",
             }