mirror of
https://github.com/openclaw/openclaw.git
synced 2026-06-01 21:45:52 +00:00
77d9ac30bb
* refactor: share talk event metric extraction * refactor: reuse shared coercion helpers * refactor: reuse shared primitive guards * refactor: reuse shared record guard * refactor: reuse shared primitive helpers * refactor: reuse shared string guards * refactor: reuse shared non-empty string guard * refactor: share plugin primitive coercion helpers * refactor: reuse plugin coercion helpers * refactor: reuse plugin coercion helpers in more plugins * refactor: reuse channel coercion helpers * refactor: reuse monitor coercion helpers * refactor: reuse provider coercion helpers * refactor: reuse core coercion helpers * refactor: reuse runtime coercion helpers * refactor: reuse helper coercion in codex paths * refactor: reuse helper coercion in runtime paths * refactor: reuse codex app-server coercion helpers * refactor: reuse codex record helpers * refactor: reuse migration and qa record helpers * refactor: reuse feishu and core helper guards * refactor: reuse browser and policy coercion helpers * refactor: reuse memory wiki record helper * refactor: share boolean coercion helpers * refactor: reuse finite number coercion * refactor: reuse trimmed string list helpers * refactor: reuse string list normalization * refactor: reuse remaining string list helpers * refactor: reuse string entry normalizer * refactor: share sorted string helpers * refactor: share string list normalization * test: preserve command registry browser imports * refactor: reuse trimmed list helpers * refactor: reuse string dedupe helpers * refactor: reuse local dedupe helpers * refactor: reuse more string dedupe helpers * refactor: reuse command string dedupe helpers * refactor: dedupe memory path lists with helper * refactor: expose string dedupe helpers to plugins * refactor: reuse core string dedupe helpers * refactor: reuse shared unique value helpers * refactor: reuse unique helpers in agent utilities * refactor: reuse unique helpers in config plumbing * refactor: reuse unique helpers in extensions * refactor: reuse unique helpers in core utilities * refactor: reuse unique helpers in qa plugins * refactor: reuse unique helpers in memory plugins * refactor: reuse unique helpers in channel plugins * refactor: reuse unique helpers in core tails * refactor: reuse unique helper in comfy workflow * refactor: reuse unique helpers in test utilities * refactor: expose unique value helper to plugins * refactor: reuse unique helpers for numeric lists * refactor: replace index dedupe filters * refactor: reuse string entry normalization * refactor: reuse string normalization in plugin helpers * refactor: reuse string normalization in extension helpers * refactor: reuse string normalization in channel parsers * refactor: reuse string normalization in memory search * refactor: reuse string normalization in provider parsers * refactor: reuse string normalization in qa helpers * refactor: reuse string normalization in infra parsers * refactor: reuse string normalization in messaging parsers * refactor: reuse string normalization in core parsers * refactor: reuse string normalization in extension parsers * refactor: reuse string normalization in remaining parsers * refactor: reuse string normalization in final parser spots * refactor: reuse string normalization in qa media helpers * refactor: reuse normalization in provider and media lists * refactor: reuse normalization for remaining set filters * refactor: reuse normalization in policy allowlists * refactor: reuse normalization in session and owner lists * refactor: centralize primitive string lists * refactor: reuse lowercase entry helpers * refactor: reuse sorted string helpers * refactor: reuse unique trimmed helpers * refactor: reuse string normalization helpers * refactor: reuse catalog string helpers * refactor: reuse remaining string helpers * refactor: simplify remaining list normalization * refactor: reuse codex auth order normalization * chore: refresh plugin sdk api baseline * fix: make shared string sorting deterministic * chore: refresh plugin sdk api baseline * fix: align host env security ordering
209 lines
6.9 KiB
TypeScript
209 lines
6.9 KiB
TypeScript
import { upsertAuthProfileWithLock } from "../agents/auth-profiles/profiles.js";
|
|
import type { OpenClawConfig } from "../config/types.openclaw.js";
|
|
import type { SecretInput } from "../config/types.secrets.js";
|
|
import { createLazyRuntimeSurface } from "../shared/lazy-runtime.js";
|
|
import { normalizeOptionalString } from "../shared/string-coerce.js";
|
|
import { normalizeUniqueStringEntries } from "../shared/string-normalization.js";
|
|
import { normalizeOptionalSecretInput } from "../utils/normalize-secret-input.js";
|
|
import type {
|
|
ProviderAuthMethod,
|
|
ProviderAuthMethodNonInteractiveContext,
|
|
ProviderPluginWizardSetup,
|
|
} from "./types.js";
|
|
|
|
type ProviderApiKeyAuthMethodOptions = {
|
|
providerId: string;
|
|
methodId: string;
|
|
label: string;
|
|
hint?: string;
|
|
wizard?: ProviderPluginWizardSetup;
|
|
optionKey: string;
|
|
flagName: `--${string}`;
|
|
envVar: string;
|
|
promptMessage: string;
|
|
profileId?: string;
|
|
profileIds?: string[];
|
|
allowProfile?: boolean;
|
|
defaultModel?: string;
|
|
expectedProviders?: string[];
|
|
metadata?: Record<string, string>;
|
|
noteMessage?: string;
|
|
noteTitle?: string;
|
|
applyConfig?: (cfg: OpenClawConfig) => OpenClawConfig;
|
|
};
|
|
|
|
type UpsertAuthProfileParams = Parameters<typeof upsertAuthProfileWithLock>[0];
|
|
|
|
const loadProviderApiKeyAuthRuntime = createLazyRuntimeSurface(
|
|
() => import("./provider-api-key-auth.runtime.js"),
|
|
({ providerApiKeyAuthRuntime }) => providerApiKeyAuthRuntime,
|
|
);
|
|
|
|
function resolveStringOption(opts: Record<string, unknown> | undefined, optionKey: string) {
|
|
return normalizeOptionalSecretInput(opts?.[optionKey]);
|
|
}
|
|
|
|
function resolveProfileId(params: { providerId: string; profileId?: string }) {
|
|
return normalizeOptionalString(params.profileId) || `${params.providerId}:default`;
|
|
}
|
|
|
|
function resolveProfileIds(params: {
|
|
providerId: string;
|
|
profileId?: string;
|
|
profileIds?: string[];
|
|
}) {
|
|
const explicit = normalizeUniqueStringEntries(params.profileIds ?? []);
|
|
if (explicit.length > 0) {
|
|
return explicit;
|
|
}
|
|
return [resolveProfileId(params)];
|
|
}
|
|
|
|
async function upsertAuthProfileWithLockOrThrow(params: UpsertAuthProfileParams): Promise<void> {
|
|
const updated = await upsertAuthProfileWithLock(params);
|
|
if (!updated) {
|
|
throw new Error(
|
|
"Failed to update auth profile store; the auth store lock may be busy. Wait a moment and retry.",
|
|
);
|
|
}
|
|
}
|
|
|
|
async function applyApiKeyConfig(params: {
|
|
ctx: ProviderAuthMethodNonInteractiveContext;
|
|
providerId: string;
|
|
profileIds: string[];
|
|
defaultModel?: string;
|
|
applyConfig?: (cfg: OpenClawConfig) => OpenClawConfig;
|
|
}) {
|
|
const { applyAuthProfileConfig, applyPrimaryModel } = await loadProviderApiKeyAuthRuntime();
|
|
let next = params.ctx.config;
|
|
for (const profileId of params.profileIds) {
|
|
next = applyAuthProfileConfig(next, {
|
|
profileId,
|
|
provider: normalizeOptionalString(profileId.split(":", 1)[0]) || params.providerId,
|
|
mode: "api_key",
|
|
});
|
|
}
|
|
if (params.applyConfig) {
|
|
next = params.applyConfig(next);
|
|
}
|
|
return params.defaultModel ? applyPrimaryModel(next, params.defaultModel) : next;
|
|
}
|
|
|
|
export function createProviderApiKeyAuthMethod(
|
|
params: ProviderApiKeyAuthMethodOptions,
|
|
): ProviderAuthMethod {
|
|
return {
|
|
id: params.methodId,
|
|
label: params.label,
|
|
hint: params.hint,
|
|
kind: "api_key",
|
|
wizard: params.wizard,
|
|
run: async (ctx) => {
|
|
const opts = ctx.opts as Record<string, unknown> | undefined;
|
|
const flagValue = resolveStringOption(opts, params.optionKey);
|
|
let capturedSecretInput: SecretInput | undefined;
|
|
let capturedCredential = false;
|
|
let capturedMode: "plaintext" | "ref" | undefined;
|
|
const {
|
|
buildApiKeyCredential,
|
|
ensureApiKeyFromOptionEnvOrPrompt,
|
|
normalizeApiKeyInput,
|
|
validateApiKeyInput,
|
|
} = await loadProviderApiKeyAuthRuntime();
|
|
|
|
await ensureApiKeyFromOptionEnvOrPrompt({
|
|
token: flagValue ?? normalizeOptionalSecretInput(ctx.opts?.token),
|
|
tokenProvider: flagValue
|
|
? params.providerId
|
|
: normalizeOptionalSecretInput(ctx.opts?.tokenProvider),
|
|
secretInputMode:
|
|
ctx.allowSecretRefPrompt === false
|
|
? (ctx.secretInputMode ?? "plaintext")
|
|
: ctx.secretInputMode,
|
|
config: ctx.config,
|
|
env: ctx.env,
|
|
expectedProviders: params.expectedProviders ?? [params.providerId],
|
|
provider: params.providerId,
|
|
envLabel: params.envVar,
|
|
promptMessage: params.promptMessage,
|
|
normalize: normalizeApiKeyInput,
|
|
validate: validateApiKeyInput,
|
|
prompter: ctx.prompter,
|
|
noteMessage: params.noteMessage,
|
|
noteTitle: params.noteTitle,
|
|
setCredential: async (apiKey, mode) => {
|
|
capturedSecretInput = apiKey;
|
|
capturedCredential = true;
|
|
capturedMode = mode;
|
|
},
|
|
});
|
|
|
|
if (!capturedCredential) {
|
|
throw new Error(`Missing API key input for provider "${params.providerId}".`);
|
|
}
|
|
const credentialInput = capturedSecretInput ?? "";
|
|
const profileIds = resolveProfileIds(params);
|
|
|
|
return {
|
|
profiles: profileIds.map((profileId) => ({
|
|
profileId,
|
|
credential: buildApiKeyCredential(
|
|
normalizeOptionalString(profileId.split(":", 1)[0]) || params.providerId,
|
|
credentialInput,
|
|
params.metadata,
|
|
capturedMode
|
|
? {
|
|
secretInputMode: capturedMode,
|
|
config: ctx.config,
|
|
}
|
|
: undefined,
|
|
),
|
|
})),
|
|
...(params.applyConfig ? { configPatch: params.applyConfig(ctx.config) } : {}),
|
|
...(params.defaultModel ? { defaultModel: params.defaultModel } : {}),
|
|
};
|
|
},
|
|
runNonInteractive: async (ctx) => {
|
|
const opts = ctx.opts as Record<string, unknown> | undefined;
|
|
const resolved = await ctx.resolveApiKey({
|
|
provider: params.providerId,
|
|
flagValue: resolveStringOption(opts, params.optionKey),
|
|
flagName: params.flagName,
|
|
envVar: params.envVar,
|
|
...(params.allowProfile === false ? { allowProfile: false } : {}),
|
|
});
|
|
if (!resolved) {
|
|
return null;
|
|
}
|
|
|
|
const profileIds = resolveProfileIds(params);
|
|
if (resolved.source !== "profile") {
|
|
for (const profileId of profileIds) {
|
|
const credential = ctx.toApiKeyCredential({
|
|
provider: normalizeOptionalString(profileId.split(":", 1)[0]) || params.providerId,
|
|
resolved,
|
|
...(params.metadata ? { metadata: params.metadata } : {}),
|
|
});
|
|
if (!credential) {
|
|
return null;
|
|
}
|
|
await upsertAuthProfileWithLockOrThrow({
|
|
profileId,
|
|
credential,
|
|
agentDir: ctx.agentDir,
|
|
});
|
|
}
|
|
}
|
|
|
|
return await applyApiKeyConfig({
|
|
ctx,
|
|
providerId: params.providerId,
|
|
profileIds,
|
|
defaultModel: params.defaultModel,
|
|
applyConfig: params.applyConfig,
|
|
});
|
|
},
|
|
};
|
|
}
|