Plugin SDK: harden provider auth seams

2026-05-03 16:10:23 +00:00 · 2026-03-18 02:28:55 -07:00
parent 93a31b69de
commit f96ee99bbc
8 changed files with 79 additions and 5 deletions
--- a/src/plugin-sdk/agent-runtime.ts
+++ b/src/plugin-sdk/agent-runtime.ts
@@ -1,7 +1,6 @@
 // Public agent/model/runtime helpers for plugins that integrate with core agent flows.

 export * from "../agents/agent-scope.js";
-export * from "../agents/auth-profiles.js";
 export * from "../agents/current-time.js";
 export * from "../agents/date-time.js";
 export * from "../agents/defaults.js";
@@ -25,3 +24,52 @@ export * from "../agents/vllm-defaults.js";
 // Intentional public runtime surface: channel plugins use ingress agent helpers directly.
 export * from "../agents/agent-command.js";
 export * from "../tts/tts.js";
+
+export {
+  CLAUDE_CLI_PROFILE_ID,
+  CODEX_CLI_PROFILE_ID,
+  dedupeProfileIds,
+  listProfilesForProvider,
+  markAuthProfileGood,
+  setAuthProfileOrder,
+  upsertAuthProfile,
+  upsertAuthProfileWithLock,
+  repairOAuthProfileIdMismatch,
+  suggestOAuthProfileIdForLegacyDefault,
+  clearRuntimeAuthProfileStoreSnapshots,
+  ensureAuthProfileStore,
+  loadAuthProfileStoreForSecretsRuntime,
+  loadAuthProfileStoreForRuntime,
+  replaceRuntimeAuthProfileStoreSnapshots,
+  loadAuthProfileStore,
+  saveAuthProfileStore,
+  calculateAuthProfileCooldownMs,
+  clearAuthProfileCooldown,
+  clearExpiredCooldowns,
+  getSoonestCooldownExpiry,
+  isProfileInCooldown,
+  markAuthProfileCooldown,
+  markAuthProfileFailure,
+  markAuthProfileUsed,
+  resolveProfilesUnavailableReason,
+  resolveProfileUnusableUntilForDisplay,
+  resolveApiKeyForProfile,
+  resolveAuthProfileDisplayLabel,
+  formatAuthDoctorHint,
+  resolveAuthProfileEligibility,
+  resolveAuthProfileOrder,
+  resolveAuthStorePathForDisplay,
+} from "../agents/auth-profiles.js";
+export type {
+  ApiKeyCredential,
+  AuthCredentialReasonCode,
+  AuthProfileCredential,
+  AuthProfileEligibilityReasonCode,
+  AuthProfileFailureReason,
+  AuthProfileIdRepairResult,
+  AuthProfileStore,
+  OAuthCredential,
+  ProfileUsageStats,
+  TokenCredential,
+  TokenExpiryState,
+} from "../agents/auth-profiles.js";
--- a/src/plugin-sdk/provider-auth-api-key.ts
+++ b/src/plugin-sdk/provider-auth-api-key.ts
@@ -0,0 +1,21 @@
+// Public API-key onboarding helpers for provider plugins.
+
+export type { OpenClawConfig } from "../config/config.js";
+export type { SecretInput } from "../config/types.secrets.js";
+
+export { upsertAuthProfile } from "../agents/auth-profiles.js";
+export {
+  formatApiKeyPreview,
+  normalizeApiKeyInput,
+  validateApiKeyInput,
+  ensureApiKeyFromOptionEnvOrPrompt,
+  normalizeSecretInputModeInput,
+  promptSecretRefForSetup,
+  resolveSecretInputModeForEnvSelection,
+} from "../plugins/provider-auth-input.js";
+export { applyAuthProfileConfig, buildApiKeyCredential } from "../plugins/provider-auth-helpers.js";
+export { createProviderApiKeyAuthMethod } from "../plugins/provider-api-key-auth.js";
+export {
+  normalizeOptionalSecretInput,
+  normalizeSecretInput,
+} from "../utils/normalize-secret-input.js";