mirror of
https://github.com/openclaw/openclaw.git
synced 2026-03-29 02:41:07 +00:00
36d2ae2a22
* Models: gate custom provider keys by usable secret semantics * Config: project runtime writes onto source snapshot * Models: prevent stale apiKey preservation for marker-managed providers * Runner: strip SecretRef marker headers from resolved models * Secrets: scan active agent models.json path in audit * Config: guard runtime-source projection for unrelated configs * Extensions: fix onboarding type errors in CI * Tests: align setup helper account-enabled expectation * Secrets audit: harden models.json file reads * fix: harden SecretRef custom/provider secret persistence (#42554) (thanks @joshavant)
72 lines
2.0 KiB
TypeScript
72 lines
2.0 KiB
TypeScript
import type { OpenClawConfig } from "../config/config.js";
|
|
import type { SessionEntry } from "../config/sessions.js";
|
|
import {
|
|
ensureAuthProfileStore,
|
|
resolveAuthProfileDisplayLabel,
|
|
resolveAuthProfileOrder,
|
|
} from "./auth-profiles.js";
|
|
import { resolveEnvApiKey, resolveUsableCustomProviderApiKey } from "./model-auth.js";
|
|
import { normalizeProviderId } from "./model-selection.js";
|
|
|
|
export function resolveModelAuthLabel(params: {
|
|
provider?: string;
|
|
cfg?: OpenClawConfig;
|
|
sessionEntry?: SessionEntry;
|
|
agentDir?: string;
|
|
}): string | undefined {
|
|
const resolvedProvider = params.provider?.trim();
|
|
if (!resolvedProvider) {
|
|
return undefined;
|
|
}
|
|
|
|
const providerKey = normalizeProviderId(resolvedProvider);
|
|
const store = ensureAuthProfileStore(params.agentDir, {
|
|
allowKeychainPrompt: false,
|
|
});
|
|
const profileOverride = params.sessionEntry?.authProfileOverride?.trim();
|
|
const order = resolveAuthProfileOrder({
|
|
cfg: params.cfg,
|
|
store,
|
|
provider: providerKey,
|
|
preferredProfile: profileOverride,
|
|
});
|
|
const candidates = [profileOverride, ...order].filter(Boolean) as string[];
|
|
|
|
for (const profileId of candidates) {
|
|
const profile = store.profiles[profileId];
|
|
if (!profile || normalizeProviderId(profile.provider) !== providerKey) {
|
|
continue;
|
|
}
|
|
const label = resolveAuthProfileDisplayLabel({
|
|
cfg: params.cfg,
|
|
store,
|
|
profileId,
|
|
});
|
|
if (profile.type === "oauth") {
|
|
return `oauth${label ? ` (${label})` : ""}`;
|
|
}
|
|
if (profile.type === "token") {
|
|
return `token${label ? ` (${label})` : ""}`;
|
|
}
|
|
return `api-key${label ? ` (${label})` : ""}`;
|
|
}
|
|
|
|
const envKey = resolveEnvApiKey(providerKey);
|
|
if (envKey?.apiKey) {
|
|
if (envKey.source.includes("OAUTH_TOKEN")) {
|
|
return `oauth (${envKey.source})`;
|
|
}
|
|
return `api-key (${envKey.source})`;
|
|
}
|
|
|
|
const customKey = resolveUsableCustomProviderApiKey({
|
|
cfg: params.cfg,
|
|
provider: providerKey,
|
|
});
|
|
if (customKey) {
|
|
return `api-key (models.json)`;
|
|
}
|
|
|
|
return "unknown";
|
|
}
|