fix(models): sync auth-profiles before availability checks

2026-05-04 03:30:24 +00:00 · 2026-02-16 21:00:25 -05:00
parent fbda9a93fd
commit 4ca75bed56
6 changed files with 178 additions and 1 deletions
--- a/src/agents/pi-auth-json.test.ts
+++ b/src/agents/pi-auth-json.test.ts
@@ -157,6 +157,54 @@ describe("ensurePiAuthJsonFromAuthProfiles", () => {
    expect(result.wrote).toBe(false);
  });

+  it("skips expired token credentials", async () => {
+    const agentDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-agent-"));
+
+    saveAuthProfileStore(
+      {
+        version: 1,
+        profiles: {
+          "anthropic:default": {
+            type: "token",
+            provider: "anthropic",
+            token: "sk-ant-expired",
+            expires: Date.now() - 60_000,
+          },
+        },
+      },
+      agentDir,
+    );
+
+    const result = await ensurePiAuthJsonFromAuthProfiles(agentDir);
+    expect(result.wrote).toBe(false);
+  });
+
+  it("normalizes provider ids when writing auth.json keys", async () => {
+    const agentDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-agent-"));
+
+    saveAuthProfileStore(
+      {
+        version: 1,
+        profiles: {
+          "z.ai:default": {
+            type: "api_key",
+            provider: "z.ai",
+            key: "sk-zai",
+          },
+        },
+      },
+      agentDir,
+    );
+
+    const result = await ensurePiAuthJsonFromAuthProfiles(agentDir);
+    expect(result.wrote).toBe(true);
+
+    const authPath = path.join(agentDir, "auth.json");
+    const auth = JSON.parse(await fs.readFile(authPath, "utf8")) as Record<string, unknown>;
+    expect(auth["zai"]).toMatchObject({ type: "api_key", key: "sk-zai" });
+    expect(auth["z.ai"]).toBeUndefined();
+  });
+
  it("preserves existing auth.json entries not in auth-profiles", async () => {
    const agentDir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-agent-"));
    const authPath = path.join(agentDir, "auth.json");
--- a/src/agents/pi-auth-json.ts
+++ b/src/agents/pi-auth-json.ts
@@ -2,6 +2,7 @@ import fs from "node:fs/promises";
 import path from "node:path";
 import { ensureAuthProfileStore } from "./auth-profiles.js";
 import type { AuthProfileCredential } from "./auth-profiles/types.js";
+import { normalizeProviderId } from "./model-selection.js";

 type AuthJsonCredential =
  | {
@@ -50,6 +51,13 @@ function convertCredential(cred: AuthProfileCredential): AuthJsonCredential | nu
    if (!token) {
      return null;
    }
+    const expires =
+      typeof (cred as { expires?: unknown }).expires === "number"
+        ? (cred as { expires: number }).expires
+        : Number.NaN;
+    if (Number.isFinite(expires) && expires > 0 && Date.now() >= expires) {
+      return null;
+    }
    return { type: "api_key", key: token };
  }

@@ -114,7 +122,7 @@ export async function ensurePiAuthJsonFromAuthProfiles(agentDir: string): Promis
  const providerCredentials = new Map<string, AuthJsonCredential>();

  for (const [, cred] of Object.entries(store.profiles)) {
-    const provider = cred.provider;
+    const provider = normalizeProviderId(String(cred.provider ?? "")).trim();
    if (!provider || providerCredentials.has(provider)) {
      continue;
    }