From 8a9a3984e4595bd176892be3ff2e8df280f91164 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Wed, 8 Apr 2026 07:01:00 +0100 Subject: [PATCH] test: isolate video media runner auth from main profile store --- src/agents/model-auth.ts | 30 ++--- src/media-understanding/runner.video.test.ts | 120 ++++++++++--------- 2 files changed, 79 insertions(+), 71 deletions(-) diff --git a/src/agents/model-auth.ts b/src/agents/model-auth.ts index fcb2bc7ff79..02c34c2f82c 100644 --- a/src/agents/model-auth.ts +++ b/src/agents/model-auth.ts @@ -355,9 +355,9 @@ export async function resolveApiKeyForProvider(params: { credentialPrecedence?: ProviderCredentialPrecedence; }): Promise { const { provider, cfg, profileId, preferredProfile } = params; - const store = params.store ?? ensureAuthProfileStore(params.agentDir); if (profileId) { + const store = params.store ?? ensureAuthProfileStore(params.agentDir); const resolved = await resolveApiKeyForProfile({ cfg, store, @@ -423,6 +423,7 @@ export async function resolveApiKeyForProvider(params: { } const providerConfig = resolveProviderConfig(cfg, provider); + const store = params.store ?? ensureAuthProfileStore(params.agentDir); const order = resolveAuthProfileOrder({ cfg, store, @@ -603,13 +604,25 @@ export async function hasAvailableAuthForProvider(params: { agentDir?: string; }): Promise { const { provider, cfg, preferredProfile } = params; - const store = params.store ?? ensureAuthProfileStore(params.agentDir); const authOverride = resolveProviderAuthOverride(cfg, provider); if (authOverride === "aws-sdk") { return true; } + if (resolveEnvApiKey(provider)) { + return true; + } + if (resolveUsableCustomProviderApiKey({ cfg, provider })) { + return true; + } + if (resolveSyntheticLocalProviderAuth({ cfg, provider })) { + return true; + } + if (authOverride === undefined && normalizeProviderId(provider) === "amazon-bedrock") { + return true; + } + const store = params.store ?? ensureAuthProfileStore(params.agentDir); const order = resolveAuthProfileOrder({ cfg, store, @@ -631,18 +644,7 @@ export async function hasAvailableAuthForProvider(params: { log.debug?.(`auth profile "${candidate}" failed for provider "${provider}": ${String(err)}`); } } - - if (resolveEnvApiKey(provider)) { - return true; - } - if (resolveUsableCustomProviderApiKey({ cfg, provider })) { - return true; - } - if (resolveSyntheticLocalProviderAuth({ cfg, provider })) { - return true; - } - - return authOverride === undefined && normalizeProviderId(provider) === "amazon-bedrock"; + return false; } export async function getApiKeyForModel(params: { diff --git a/src/media-understanding/runner.video.test.ts b/src/media-understanding/runner.video.test.ts index 322080765fc..8f284803e54 100644 --- a/src/media-understanding/runner.video.test.ts +++ b/src/media-understanding/runner.video.test.ts @@ -10,66 +10,70 @@ describe("runCapability video provider wiring", () => { let seenBaseUrl: string | undefined; let seenHeaders: Record | undefined; - await withVideoFixture("openclaw-video-merge", async ({ ctx, media, cache }) => { - const cfg = { - models: { - providers: { - moonshot: { - apiKey: "provider-key", // pragma: allowlist secret - baseUrl: "https://provider.example/v1", - headers: { "X-Provider": "1" }, - models: [], - }, - }, - }, - tools: { - media: { - video: { - enabled: true, - baseUrl: "https://config.example/v1", - headers: { "X-Config": "2" }, - models: [ - { - provider: "moonshot", - model: "kimi-k2.5", - baseUrl: "https://entry.example/v1", - headers: { "X-Entry": "3" }, - }, - ], - }, - }, - }, - } as unknown as OpenClawConfig; - - const result = await runCapability({ - capability: "video", - cfg, - ctx, - attachments: cache, - media, - providerRegistry: new Map([ - [ - "moonshot", - { - id: "moonshot", - capabilities: ["video"], - describeVideo: async (req) => { - seenBaseUrl = req.baseUrl; - seenHeaders = req.headers; - return { text: "video ok", model: req.model }; + await withTempDir({ prefix: "openclaw-video-auth-" }, async (isolatedAgentDir) => { + await withVideoFixture("openclaw-video-merge", async ({ ctx, media, cache }) => { + const cfg = { + models: { + providers: { + moonshot: { + auth: "api-key", + apiKey: "provider-key", // pragma: allowlist secret + baseUrl: "https://provider.example/v1", + headers: { "X-Provider": "1" }, + models: [], }, }, - ], - ]), - }); + }, + tools: { + media: { + video: { + enabled: true, + baseUrl: "https://config.example/v1", + headers: { "X-Config": "2" }, + models: [ + { + provider: "moonshot", + model: "kimi-k2.5", + baseUrl: "https://entry.example/v1", + headers: { "X-Entry": "3" }, + }, + ], + }, + }, + }, + } as unknown as OpenClawConfig; - expect(result.outputs[0]?.text).toBe("video ok"); - expect(result.outputs[0]?.provider).toBe("moonshot"); - expect(seenBaseUrl).toBe("https://entry.example/v1"); - expect(seenHeaders).toMatchObject({ - "X-Provider": "1", - "X-Config": "2", - "X-Entry": "3", + const result = await runCapability({ + capability: "video", + cfg, + ctx, + agentDir: isolatedAgentDir, + attachments: cache, + media, + providerRegistry: new Map([ + [ + "moonshot", + { + id: "moonshot", + capabilities: ["video"], + describeVideo: async (req) => { + seenBaseUrl = req.baseUrl; + seenHeaders = req.headers; + return { text: "video ok", model: req.model }; + }, + }, + ], + ]), + }); + + expect(result.outputs[0]?.text).toBe("video ok"); + expect(result.outputs[0]?.provider).toBe("moonshot"); + expect(seenBaseUrl).toBe("https://entry.example/v1"); + expect(seenHeaders).toMatchObject({ + "X-Provider": "1", + "X-Config": "2", + "X-Entry": "3", + }); }); }); }); @@ -90,6 +94,7 @@ describe("runCapability video provider wiring", () => { models: { providers: { moonshot: { + auth: "api-key", apiKey: "moonshot-key", // pragma: allowlist secret models: [], }, @@ -108,6 +113,7 @@ describe("runCapability video provider wiring", () => { capability: "video", cfg, ctx, + agentDir: isolatedAgentDir, attachments: cache, media, providerRegistry: new Map([