vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-29 10:50:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5acd7dee567745c19285eb0e0417329fe7a79b1
openclaw/src/agents/model-auth-markers.ts
pomelo dad68d319b Remove Qwen OAuth integration (qwen-portal-auth) (#52709) 
* Remove Qwen OAuth integration (qwen-portal-auth)

Qwen OAuth via portal.qwen.ai is being deprecated by the Qwen team due
to traffic impact on their primary Qwen Code user base. Users should
migrate to the officially supported Model Studio (Alibaba Cloud Coding
Plan) provider instead.

Ref: https://github.com/openclaw/openclaw/issues/49557

- Delete extensions/qwen-portal-auth/ plugin entirely
- Remove qwen-portal from onboarding auth choices, provider aliases,
  auto-enable list, bundled plugin defaults, and pricing cache
- Remove Qwen CLI credential sync (external-cli-sync, cli-credentials)
- Remove QWEN_OAUTH_MARKER from model auth markers
- Update docs/providers/qwen.md to redirect to Model Studio
- Update model-providers docs (EN + zh-CN) to remove Qwen OAuth section
- Regenerate config and plugin-sdk baselines
- Update all affected tests

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>

* Clean up residual qwen-portal references after OAuth removal

* Add migration hint for deprecated qwen-portal OAuth provider

* fix: finish qwen oauth removal follow-up

---------

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Co-authored-by: Frank Yang <frank.ekn@gmail.com>
2026-03-26 16:32:34 +08:00

98 lines
3.1 KiB
TypeScript
Raw Blame History

import type { SecretRefSource } from "../config/types.secrets.js";
import { listKnownProviderEnvApiKeyNames } from "./model-auth-env-vars.js";
export const MINIMAX_OAUTH_MARKER = "minimax-oauth";
export const OAUTH_API_KEY_MARKER_PREFIX = "oauth:";
export const OLLAMA_LOCAL_AUTH_MARKER = "ollama-local";
export const CUSTOM_LOCAL_AUTH_MARKER = "custom-local";
export const GCP_VERTEX_CREDENTIALS_MARKER = "gcp-vertex-credentials";
export const NON_ENV_SECRETREF_MARKER = "secretref-managed"; // pragma: allowlist secret
export const SECRETREF_ENV_HEADER_MARKER_PREFIX = "secretref-env:"; // pragma: allowlist secret
const AWS_SDK_ENV_MARKERS = new Set([
"AWS_BEARER_TOKEN_BEDROCK",
"AWS_ACCESS_KEY_ID",
"AWS_PROFILE",
]);
// Legacy marker names kept for backward compatibility with existing models.json files.
const LEGACY_ENV_API_KEY_MARKERS = [
"GOOGLE_API_KEY",
"DEEPSEEK_API_KEY",
"PERPLEXITY_API_KEY",
"FIREWORKS_API_KEY",
"NOVITA_API_KEY",
"AZURE_OPENAI_API_KEY",
"AZURE_API_KEY",
"MINIMAX_CODE_PLAN_KEY",
];
const KNOWN_ENV_API_KEY_MARKERS = new Set([
...listKnownProviderEnvApiKeyNames(),
...LEGACY_ENV_API_KEY_MARKERS,
...AWS_SDK_ENV_MARKERS,
]);
export function isAwsSdkAuthMarker(value: string): boolean {
return AWS_SDK_ENV_MARKERS.has(value.trim());
}
export function isKnownEnvApiKeyMarker(value: string): boolean {
const trimmed = value.trim();
return KNOWN_ENV_API_KEY_MARKERS.has(trimmed) && !isAwsSdkAuthMarker(trimmed);
}
export function resolveOAuthApiKeyMarker(providerId: string): string {
return `${OAUTH_API_KEY_MARKER_PREFIX}${providerId.trim()}`;
}
export function isOAuthApiKeyMarker(value: string): boolean {
return value.trim().startsWith(OAUTH_API_KEY_MARKER_PREFIX);
}
export function resolveNonEnvSecretRefApiKeyMarker(_source: SecretRefSource): string {
return NON_ENV_SECRETREF_MARKER;
}
export function resolveNonEnvSecretRefHeaderValueMarker(_source: SecretRefSource): string {
return NON_ENV_SECRETREF_MARKER;
}
export function resolveEnvSecretRefHeaderValueMarker(envVarName: string): string {
return `${SECRETREF_ENV_HEADER_MARKER_PREFIX}${envVarName.trim()}`;
}
export function isSecretRefHeaderValueMarker(value: string): boolean {
const trimmed = value.trim();
return (
trimmed === NON_ENV_SECRETREF_MARKER || trimmed.startsWith(SECRETREF_ENV_HEADER_MARKER_PREFIX)
);
}
export function isNonSecretApiKeyMarker(
value: string,
opts?: { includeEnvVarName?: boolean },
): boolean {
const trimmed = value.trim();
if (!trimmed) {
return false;
}
const isKnownMarker =
trimmed === MINIMAX_OAUTH_MARKER ||
isOAuthApiKeyMarker(trimmed) ||
trimmed === OLLAMA_LOCAL_AUTH_MARKER ||
trimmed === CUSTOM_LOCAL_AUTH_MARKER ||
trimmed === GCP_VERTEX_CREDENTIALS_MARKER ||
trimmed === NON_ENV_SECRETREF_MARKER ||
isAwsSdkAuthMarker(trimmed);
if (isKnownMarker) {
return true;
}
if (opts?.includeEnvVarName === false) {
return false;
}
// Do not treat arbitrary ALL_CAPS values as markers; only recognize the
// known env-var markers we intentionally persist for compatibility.
return KNOWN_ENV_API_KEY_MARKERS.has(trimmed);
}
Reference in New Issue View Git Blame Copy Permalink