fix: add claude code api key helper validation and ttl config

- Add validation in entrypoint.sh to verify apiKeyHelper is in config file
- Check config file exists at ~/.claude/config.json
- Verify apiKeyHelper field matches CLAUDE_CODE_API_KEY_HELPER env var
- Exit with error if validation fails to prevent using wrong credentials
- Add CLAUDE_CODE_API_KEY_HELPER_TTL_MS=3600000 to smoke-claude workflow
- Ensures Claude Code properly detects and uses the API key helper script

Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>

Author: Claude

.github/workflows/smoke-claude.lock.yml

@@ -119,6 +119,41 @@ fi
 # If health check fails, the script exits with non-zero code and prevents agent from running
 /usr/local/bin/api-proxy-health-check.sh || exit 1
 
+# Validate Claude Code API key helper configuration
+# This ensures the apiKeyHelper is properly configured in the config file
+# If validation fails, exit before running the agent to prevent using wrong credentials
+if [ -n "$CLAUDE_CODE_API_KEY_HELPER" ]; then
+  echo "[entrypoint] Validating Claude Code API key helper configuration..."
+
+  # Check if config file exists
+  CONFIG_FILE="$HOME/.claude/config.json"
+  if [ ! -f "$CONFIG_FILE" ]; then
+    echo "[entrypoint][ERROR] Claude Code config file not found at $CONFIG_FILE"
+    echo "[entrypoint][ERROR] Cannot verify apiKeyHelper configuration"
+    exit 1
+  fi
+
+  # Check if apiKeyHelper is present in config file
+  if ! grep -q '"apiKeyHelper"' "$CONFIG_FILE"; then
+    echo "[entrypoint][ERROR] apiKeyHelper not found in Claude Code config file"
+    echo "[entrypoint][ERROR] Expected: {\"apiKeyHelper\":\"$CLAUDE_CODE_API_KEY_HELPER\"}"
+    echo "[entrypoint][ERROR] Actual config:"
+    cat "$CONFIG_FILE" >&2
+    exit 1
+  fi
+
+  # Verify the value matches the environment variable
+  CONFIGURED_HELPER=$(grep -o '"apiKeyHelper":"[^"]*"' "$CONFIG_FILE" | cut -d'"' -f4)
+  if [ "$CONFIGURED_HELPER" != "$CLAUDE_CODE_API_KEY_HELPER" ]; then
+    echo "[entrypoint][ERROR] apiKeyHelper mismatch:"
+    echo "[entrypoint][ERROR]   Environment variable: $CLAUDE_CODE_API_KEY_HELPER"
+    echo "[entrypoint][ERROR]   Config file value: $CONFIGURED_HELPER"
+    exit 1
+  fi
+
+  echo "[entrypoint] ✓ Claude Code API key helper validated: $CLAUDE_CODE_API_KEY_HELPER"
+fi
+
 # Print proxy environment
 echo "[entrypoint] Proxy configuration:"
 echo "[entrypoint]   HTTP_PROXY=$HTTP_PROXY"