diff --git a/.storkit/work/1_backlog/368_story_web_ui_oauth_flow_for_claude_authentication.md b/.storkit/work/1_backlog/368_story_web_ui_oauth_flow_for_claude_authentication.md
new file mode 100644
index 0000000..8d05fae
--- /dev/null
+++ b/.storkit/work/1_backlog/368_story_web_ui_oauth_flow_for_claude_authentication.md
@@ -0,0 +1,24 @@
+---
+name: "Web UI OAuth flow for Claude authentication"
+---
+
+# Story 368: Web UI OAuth flow for Claude authentication
+
+## User Story
+
+As a new user running storkit in Docker, I want to authenticate Claude through the web UI instead of running `claude login` in a terminal inside the container, so that the entire setup experience stays in the browser after `docker compose up`.
+
+## Acceptance Criteria
+
+- [ ] Backend exposes /auth/start endpoint that generates the Claude OAuth URL with redirect_uri pointing to localhost:3001
+- [ ] Backend exposes /auth/callback endpoint that receives the OAuth token and stores it where Claude Code expects it
+- [ ] Backend exposes /auth/status endpoint that reports whether valid Claude credentials exist
+- [ ] Frontend shows a setup screen when no Claude auth is detected on first visit
+- [ ] Setup screen has a 'Connect Claude Account' button that initiates the OAuth flow
+- [ ] OAuth redirect returns to the web UI which confirms success and dismisses the setup screen
+- [ ] Credentials are persisted in the claude-state Docker volume so they survive container restarts
+- [ ] The entire flow works without any terminal interaction after docker compose up
+
+## Out of Scope
+
+- TBD