fix: align provider auth checker with config evidence

src/agents/model-auth.profiles.test.ts

@@ -17,6 +17,7 @@ import {
   resolveEnvApiKey,
   resolveModelAuthMode,
 } from "./model-auth.js";
+import { hasAuthForModelProvider } from "./model-provider-auth.js";
 
 async function expectVertexAdcEnvApiKey(params: {
   provider: string;
@@ -525,6 +526,34 @@ describe("getApiKeyForModel", () => {
     }
   });
 
+  it("uses the same trusted workspace manifest auth evidence in provider auth checks", async () => {
+    const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-workspace-cloud-auth-"));
+    const credentialsPath = path.join(tempDir, "credentials.json");
+    await fs.writeFile(credentialsPath, "{}", "utf8");
+    const store = { version: 1 as const, profiles: {} };
+
+    try {
+      await withEnvAsync({ WORKSPACE_CLOUD_CREDENTIALS: credentialsPath }, async () => {
+        expect(
+          hasAuthForModelProvider({
+            provider: "workspace-cloud",
+            cfg: { plugins: { allow: ["workspace-cloud"] } },
+            store,
+          }),
+        ).toBe(true);
+        expect(
+          hasAuthForModelProvider({
+            provider: "workspace-cloud",
+            cfg: { plugins: {} },
+            store,
+          }),
+        ).toBe(false);
+      });
+    } finally {
+      await fs.rm(tempDir, { recursive: true, force: true });
+    }
+  });
+
   it("hasAvailableAuthForProvider('google') accepts GOOGLE_API_KEY fallback", async () => {
     await withEnvAsync(
       {