mirror of
https://github.com/openclaw/openclaw.git
synced 2026-03-19 14:00:51 +00:00
73 lines
2.3 KiB
TypeScript
73 lines
2.3 KiB
TypeScript
import fs from "node:fs/promises";
|
|
import path from "node:path";
|
|
import { ensureAuthProfileStore } from "./auth-profiles.js";
|
|
import {
|
|
piCredentialsEqual,
|
|
resolvePiCredentialMapFromStore,
|
|
type PiCredential,
|
|
} from "./pi-auth-credentials.js";
|
|
|
|
/**
|
|
* @deprecated Legacy bridge for older flows that still expect `agentDir/auth.json`.
|
|
* Runtime auth resolution uses auth-profiles directly and should not depend on this module.
|
|
*/
|
|
type AuthJsonCredential = PiCredential;
|
|
|
|
type AuthJsonShape = Record<string, AuthJsonCredential>;
|
|
|
|
async function readAuthJson(filePath: string): Promise<AuthJsonShape> {
|
|
try {
|
|
const raw = await fs.readFile(filePath, "utf8");
|
|
const parsed = JSON.parse(raw) as unknown;
|
|
if (!parsed || typeof parsed !== "object") {
|
|
return {};
|
|
}
|
|
return parsed as AuthJsonShape;
|
|
} catch {
|
|
return {};
|
|
}
|
|
}
|
|
|
|
/**
|
|
* pi-coding-agent's ModelRegistry/AuthStorage expects credentials in auth.json.
|
|
*
|
|
* OpenClaw stores credentials in auth-profiles.json instead. This helper
|
|
* bridges all credentials into agentDir/auth.json so pi-coding-agent can
|
|
* (a) consider providers authenticated and (b) include built-in models in its
|
|
* registry/catalog output.
|
|
*
|
|
* Syncs all credential types: api_key, token (as api_key), and oauth.
|
|
*
|
|
* @deprecated Runtime auth now comes from OpenClaw auth-profiles snapshots.
|
|
*/
|
|
export async function ensurePiAuthJsonFromAuthProfiles(agentDir: string): Promise<{
|
|
wrote: boolean;
|
|
authPath: string;
|
|
}> {
|
|
const store = ensureAuthProfileStore(agentDir, { allowKeychainPrompt: false });
|
|
const authPath = path.join(agentDir, "auth.json");
|
|
const providerCredentials = resolvePiCredentialMapFromStore(store);
|
|
if (Object.keys(providerCredentials).length === 0) {
|
|
return { wrote: false, authPath };
|
|
}
|
|
|
|
const existing = await readAuthJson(authPath);
|
|
let changed = false;
|
|
|
|
for (const [provider, cred] of Object.entries(providerCredentials)) {
|
|
if (!piCredentialsEqual(existing[provider], cred)) {
|
|
existing[provider] = cred;
|
|
changed = true;
|
|
}
|
|
}
|
|
|
|
if (!changed) {
|
|
return { wrote: false, authPath };
|
|
}
|
|
|
|
await fs.mkdir(agentDir, { recursive: true, mode: 0o700 });
|
|
await fs.writeFile(authPath, `${JSON.stringify(existing, null, 2)}\n`, { mode: 0o600 });
|
|
|
|
return { wrote: true, authPath };
|
|
}
|