mirror of
https://github.com/openclaw/openclaw.git
synced 2026-06-05 14:52:55 +00:00
bb46b79d3c
* refactor: extract agent core package Introduce packages/agent-core as the OpenClaw-owned home for reusable agent loop, harness, session, prompt, and runtime dependency contracts. * refactor: extract shared llm runtime Move provider model registries, stream wrappers, OAuth helpers, and LLM utilities into src/llm with plugin-sdk barrels instead of depending on the old embedded runtime layout. * refactor: remove pi runtime internals Rename remaining Pi-shaped agent surfaces to OpenClaw agent runtime names, delete obsolete Pi docs and package graph checks, and add the third-party notice for incorporated code. * refactor: tighten agent session runtime Make agent-core/runtime dependencies explicit, consolidate compaction and session transcript helpers, and move model/session helpers behind OpenClaw-owned contracts. * refactor: remove static model and pi auth paths Drop static model catalogs and Pi auth bridges, move model/provider facts to manifest-owned runtime contracts, and harden internal embedded-agent utilities. * refactor: remove legacy provider compat paths * docs: remove agent parity notes * fix: skip provider wildcard metadata parsing * refactor: share session extension sdk loading * refactor: inline acpx proxy error formatter * refactor: fold edit recovery into edit tool * fix: accept extension batch separator * test: align startup provider plugin expectations * fix: restore provider-scoped release discovery * test: align static asset packaging expectations * fix: run static provider catalogs during scoped discovery * fix: add provider entry catalogs for scoped live discovery * fix: load lightweight provider catalog entries * fix: refresh provider-scoped plugin metadata * fix: keep provider catalog entries on release live path * fix: keep static manifest models in release live checks * fix: harden release model discovery * fix: reduce OpenAI live cache probe reasoning * fix: disable OpenAI cache probe reasoning * ci: extend OpenAI gateway live timeout * fix: extend live gateway model budget * fix: stabilize release validation regressions * fix: honor provider aliases in model rows * fix: stabilize release validation lanes * fix: stabilize release memory qa * ci: stabilize release validation lanes * ci: prefer ipv4 for live docker node calls * fix: restore shared tool-call stream wrapper * ci: remove legacy pi test shard alias * fix: clean up embedded agent test drift * fix: stabilize runtime alias status * fix: clean up embedded agent ci drift * fix: restore release ci invariants * fix: clean up post-rebase runtime drift * fix: restore release ci checks * fix: restore release ci after rebase * fix: remove stale pi runtime path * test: align compaction runtime expectations * test: update plugin prerelease expectations * fix: handle claude live tool approvals * fix: stabilize release validation gates * fix: finish agent runtime import * test: finish post-rebase agent runtime mocks * fix: keep codex compaction native * fix: stabilize codex app-server hook tests * test: isolate codex diagnostic active run * test: remove codex diagnostic completion race # Conflicts: # extensions/codex/src/app-server/run-attempt.test.ts * ci: fix full release manifest performance run id * refactor: narrow llm plugin sdk boundary * chore: drop generated google boundary stamps * fix: repair rebase fallout * fix: clean up rebased runtime references * fix: decode codex jwt payloads as base64url * fix: preserve shipped pi runtime alias * fix: add scoped sdk virtual modules * fix: decode llm codex oauth jwt as base64url * fix: avoid stale vertex adc negative cache * fix: harden tool arg decoding and codeql path * fix: keep vertex adc negative checks live * refactor: consolidate codex jwt and edit helpers * fix: await codex oauth node runtime imports * fix: preserve sdk tool and notice contracts * fix: preserve shipped compat config boundaries * fix: align codex oauth callback host * fix: terminate agent-core loop streams on failure * fix: keep codex oauth callback alive during fallback * ci: include session tools in critical codeql scans * fix: keep Cloudflare Anthropic provider auth header * docs: redirect legacy pi runtime pages * fix: honor bundled web provider compat discovery * fix: protect session output spill files * fix: keep legacy agent dir env blocked * fix: contain auto-discovered skill symlinks * fix: harden agent core sdk proxy surfaces * fix: restore approval reaction sdk compat * fix: keep live docker runs bounded * fix: keep codex oauth redirect host aligned * fix: resolve post-rebase agent runtime drift * fix: redact anthropic oauth parse failures * fix: preserve responses strict tool shaping * fix: repair agent runtime rebase cleanup * docs: redirect retired parity pages * fix: bound auto-discovered resources to roots * fix: repair post-rebase agent test drift * fix: preserve bundled provider allowlist migration * fix: preserve manifest-owned provider aliases * fix: declare photon image dependency * fix: keep provider headers out of proxy body * fix: preserve shipped env aliases * fix: refresh control ui i18n generated state * fix: quote read fallback paths * fix: preview edits through configured backend * test: satisfy core test typecheck * fix: preserve ZAI usage auth fallback * test: repair codex diagnostic test * fix: repair agent runtime rebase drift * test: finish embedded runner import rename * fix: repair agent runtime rebase integrations * test: align compaction oauth fallback expectations * fix: allow sdk-auth session models * fix: update doctor tool schema import * fix: preserve bedrock plugin region * fix: stream harmony-like prose immediately * ci: include session runtime in codeql shards * fix: repair latest rebase integrations * fix: honor explicit codex websocket transport * fix: keep openai-compatible credentials provider-scoped * fix: refresh sdk api baseline after rebase * fix: route cli runtime aliases through openclaw harness * test: rename stale harness mock expectation * test: rename embedded agent overflow calls * test: clean embedded auth test wording * test: use openclaw stream types in deepinfra cache test * fix: refresh sdk api baseline on latest main * fix: honor bundled discovery compat allowlists * fix: refresh sdk api baseline after latest rebase * fix: remove stale rebase imports * test: rename stale model catalog mock * test: mock renamed doctor runtime modules * fix: map canonical kimi env auth * fix: use internal model registry in bench script * fix: migrate deepinfra provider catalog entry * fix: enforce builtin tool suppression * fix: route compaction auth and proxy payloads safely * refactor: prune unused llm registry leftovers * test: update codex hooks session import * test: fix model picker ci coverage * test: align model picker auth mock types
83 lines
2.5 KiB
TypeScript
83 lines
2.5 KiB
TypeScript
import path from "node:path";
|
|
import { z } from "zod";
|
|
import { privateFileStore } from "../infra/private-file-store.js";
|
|
import { safeParseWithSchema } from "../utils/zod-parse.js";
|
|
import {
|
|
agentCredentialsEqual,
|
|
resolveAgentCredentialMapFromStore,
|
|
type AgentCredential,
|
|
} from "./agent-auth-credentials.js";
|
|
import { ensureAuthProfileStore } from "./auth-profiles/store.js";
|
|
|
|
type AuthJsonShape = Record<string, unknown>;
|
|
|
|
const AgentCredentialSchema: z.ZodType<AgentCredential> = z.discriminatedUnion("type", [
|
|
z.object({
|
|
type: z.literal("api_key"),
|
|
key: z.string(),
|
|
}),
|
|
z.object({
|
|
type: z.literal("oauth"),
|
|
access: z.string(),
|
|
refresh: z.string(),
|
|
expires: z.number(),
|
|
}),
|
|
]);
|
|
|
|
const AuthJsonShapeSchema = z.record(z.string(), z.unknown());
|
|
|
|
async function readAuthJson(rootDir: string, filePath: string): Promise<AuthJsonShape> {
|
|
try {
|
|
const parsed = await privateFileStore(rootDir).readJsonIfExists(
|
|
path.relative(rootDir, filePath),
|
|
);
|
|
return safeParseWithSchema(AuthJsonShapeSchema, parsed) ?? {};
|
|
} catch {
|
|
return {};
|
|
}
|
|
}
|
|
|
|
/**
|
|
* session runtime's ModelRegistry/AuthStorage expects credentials in auth.json.
|
|
*
|
|
* OpenClaw stores credentials in auth-profiles.json instead. This helper
|
|
* bridges all credentials into agentDir/auth.json so session runtime can
|
|
* consider provider-owned configured models authenticated.
|
|
*
|
|
* Syncs all credential types: api_key, token (as api_key), and oauth.
|
|
*
|
|
* @deprecated Runtime auth now comes from OpenClaw auth-profiles snapshots.
|
|
*/
|
|
export async function ensureAgentAuthJsonFromAuthProfiles(agentDir: string): Promise<{
|
|
wrote: boolean;
|
|
authPath: string;
|
|
}> {
|
|
const store = ensureAuthProfileStore(agentDir, { allowKeychainPrompt: false });
|
|
const authPath = path.join(agentDir, "auth.json");
|
|
const providerCredentials = resolveAgentCredentialMapFromStore(store);
|
|
if (Object.keys(providerCredentials).length === 0) {
|
|
return { wrote: false, authPath };
|
|
}
|
|
|
|
const existing = await readAuthJson(agentDir, authPath);
|
|
let changed = false;
|
|
|
|
for (const [provider, cred] of Object.entries(providerCredentials)) {
|
|
const current = safeParseWithSchema(AgentCredentialSchema, existing[provider]) ?? undefined;
|
|
if (!agentCredentialsEqual(current, cred)) {
|
|
existing[provider] = cred;
|
|
changed = true;
|
|
}
|
|
}
|
|
|
|
if (!changed) {
|
|
return { wrote: false, authPath };
|
|
}
|
|
|
|
await privateFileStore(agentDir).writeJson(path.basename(authPath), existing, {
|
|
trailingNewline: true,
|
|
});
|
|
|
|
return { wrote: true, authPath };
|
|
}
|