惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LINUX DO - 最新话题
C
Cyber Attacks, Cyber Crime and Cyber Security
G
GRAHAM CLULEY
T
Tenable Blog
T
Threatpost
C
CXSECURITY Database RSS Feed - CXSecurity.com
I
Intezer
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
D
Darknet – Hacking Tools, Hacker News & Cyber Security
K
Kaspersky official blog
Security Latest
Security Latest
P
Privacy & Cybersecurity Law Blog
Google Online Security Blog
Google Online Security Blog
SecWiki News
SecWiki News
P
Palo Alto Networks Blog
TaoSecurity Blog
TaoSecurity Blog
Webroot Blog
Webroot Blog
Spread Privacy
Spread Privacy
O
OpenAI News
The Last Watchdog
The Last Watchdog
P
Proofpoint News Feed
C
Check Point Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
人人都是产品经理
人人都是产品经理
S
Security @ Cisco Blogs
Scott Helme
Scott Helme
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
月光博客
月光博客
S
Securelist
酷 壳 – CoolShell
酷 壳 – CoolShell
V
V2EX
T
Troy Hunt's Blog
W
WeLiveSecurity
GbyAI
GbyAI
N
News | PayPal Newsroom
Y
Y Combinator Blog
C
Cisco Blogs
H
Help Net Security
The GitHub Blog
The GitHub Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 【当耐特】
Jina AI
Jina AI
MongoDB | Blog
MongoDB | Blog
P
Proofpoint News Feed
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
云风的 BLOG
云风的 BLOG
小众软件
小众软件
N
News and Events Feed by Topic

Recent Commits to openclaw:main

test: merge chat side-result checks · openclaw/openclaw@ddd2c2a test: merge cron history checks · openclaw/openclaw@f7eb746 test: merge responsive navigation shell checks · openclaw/openclaw@c2e4b47 docs(changelog): add codex oauth fixes · openclaw/openclaw@628e6cd test: merge navigation routing cases · openclaw/openclaw@5d8cecb Tests: mock channel registry bundled fallback · openclaw/openclaw@2b08233 Secrets: avoid broad web search discovery for single plugin config · openclaw/openclaw@a464f59 test: merge config view browser checks · openclaw/openclaw@20cf511 fix(status): align oauth health with runtime · openclaw/openclaw@eed7116 feat: add macOS screen snapshots for monitor preview (#67954) thanks … · openclaw/openclaw@f377db1 fix: report shared auth scopes in hello-ok (#67810) thanks @BunsDev · openclaw/openclaw@0b6c39b Auto-reply: avoid eager bundled route fallback · openclaw/openclaw@3ea1bf4 Tests: narrow session binding contract setup · openclaw/openclaw@54e4e16 fix(macOS): enable undo/redo in webchat composer text input (#34962) · openclaw/openclaw@00951dc Tests: speed up channel setup promotion · openclaw/openclaw@82b529a Docs: refresh agent instructions · openclaw/openclaw@5775fe2 fix(auth): serialize OAuth refresh across agents to fix #26322 (#67876) · openclaw/openclaw@8e79080 test: allow ollama public surface boundary test · openclaw/openclaw@7d4f1a6 Docs: add test performance guardrails · openclaw/openclaw@89706d3 Tests: restore context-engine usage proof · openclaw/openclaw@e4c4f95 Tests: slim context engine runtime coverage · openclaw/openclaw@74c198f ci: retry failed custom checkouts · openclaw/openclaw@0ee5baf test: trim duplicate provider auth onboarding cases · openclaw/openclaw@1ffc02e matrix: fix sessions_spawn --thread subagent session spawning (#67643) · openclaw/openclaw@1ce2596 test: reduce auth choice fixture churn · openclaw/openclaw@857b9cd test: mock health status config boundaries · openclaw/openclaw@9d5ab4a test: mock onboard config io boundary · openclaw/openclaw@299694d test: mock legacy state plugin boundaries · openclaw/openclaw@2713089 test: mock channel install boundaries · openclaw/openclaw@b945248 test: mock doctor preview channel boundaries · openclaw/openclaw@b1a3ad4 test: trim doctor command hotspots · openclaw/openclaw@c66f16a test: isolate agent auth and spawn hotspots · openclaw/openclaw@9285935 test: stabilize MCP startup disposal race · openclaw/openclaw@dd9d2eb test: merge browser contract server suites · openclaw/openclaw@5817a76 test: narrow ollama provider discovery setup · openclaw/openclaw@a0d9598 build: declare qa-lab aimock runtime dependency · openclaw/openclaw@24431e5 test: speed up safe-bins exec harness · openclaw/openclaw@ee856ab test: preserve tool helpers in embedded runner mocks · openclaw/openclaw@acd86a0 refactor: move memory embeddings into provider plugins · openclaw/openclaw@77e6e4c test: reuse system-run temp fixtures · openclaw/openclaw@7e9ff0f test: trim hotspot wait overhead · openclaw/openclaw@12a59b0 Check: avoid duplicate boundary prep · openclaw/openclaw@baf11b8 test: reduce hotspot fixture overhead · openclaw/openclaw@3a59edd feat(ui): overhaul settings and slash command UX (#67819) thanks @Bun… · openclaw/openclaw@2cfb660 QA Matrix: exit cleanly on failure · openclaw/openclaw@42805d2 QA Matrix: isolate scenario coverage · openclaw/openclaw@7e659e1 Matrix: refresh crypto bootstrap state · openclaw/openclaw@94081d8 QA Lab: add provider registry · openclaw/openclaw@bb7e982 Matrix: add plugin changelog · openclaw/openclaw@4acab55 test: trim more hotspot overhead · openclaw/openclaw@f485311 test: trim remaining hotspot tests · openclaw/openclaw@6ba8626 test: narrow hotspot mocks · openclaw/openclaw@dbc8179 test: isolate gemini embedding request helpers · openclaw/openclaw@cd330f5 test: trim memory and mcp hotspots · openclaw/openclaw@fd48dfa test: slim provider registry mocks · openclaw/openclaw@2e08c77 test: harden Parallels update smoke · openclaw/openclaw@1a98090 feat: default Anthropic to Opus 4.7 · openclaw/openclaw@628b454 fix: harden node-host shell payload mutability checks · openclaw/openclaw@75c551e fix: land node-host approval binding for native binaries (#66731) (th… · openclaw/openclaw@29919bb CI: add daily schedule to CodeQL workflow (#67645) · openclaw/openclaw@69d25f5 fix(gateway): capture config hash after plugin auto-enable to prevent… · openclaw/openclaw@8c11210 fix: repair sanitized replay tool results before send (#67620) (thank… · openclaw/openclaw@c3c7a99 fix: restrict HTML timeout short-circuit to transient statuses · openclaw/openclaw@de129a6 fix: keep TUI watchdog bound to active run (#67401) (thanks @xantorres) · openclaw/openclaw@3525273 Gateway/skills: dedupe skills prefix-match + drop dead fallback on log · openclaw/openclaw@d7f489f Extensions/lmstudio: back off inference preload after consecutive fai… · openclaw/openclaw@b555214 TUI/streaming: add watchdog that resets the activity indicator after … · openclaw/openclaw@f44ab20 Agents/tool-loop: enable unknown-tool stream guard by default · openclaw/openclaw@36ed367 Gateway/skills: invalidate session skills snapshot on config write · openclaw/openclaw@b23d59a fix: classify HTML provider error pages correctly (#67642) (thanks @s… · openclaw/openclaw@e588e90 fix(skills): remove unused model-usage import (#67641) · openclaw/openclaw@55f05df docs(changelog): credit codex fix superseded PRs · openclaw/openclaw@e485f24 fix(openai-codex): normalize stale transport metadata in resolution a… · openclaw/openclaw@90801ba CI: pin Docker-related GitHub Actions (#67632) · openclaw/openclaw@f697b01 Android: modernize WebView and discovery API usage (#67627) · openclaw/openclaw@44a6e50 fix(deps): bump hono to 4.12.14 and @hono/node-server to 1.19.14 (GHS… · openclaw/openclaw@fbccc18 fix(deps): bump dompurify to 3.4.0 (#67614) · openclaw/openclaw@2c2dc00 CI: add explicit permissions to all workflow jobs (fixes code-scannin… · openclaw/openclaw@01b7516 fix: register bundled TTS providers and route overrides correctly (#6… · openclaw/openclaw@6ea3cdd fix: align host tilde paths with OS home (#62804) (thanks @stainlu) · openclaw/openclaw@ecfaf64 fix: flush creds queue before reconnect socket open (#67464) (thanks … · openclaw/openclaw@405c63f fix: strip standalone <function> tool call tags from visible text (#6… · openclaw/openclaw@78df859 fix(agents): preserve cli session metadata before transcript persist … · openclaw/openclaw@898fd04 docs(changelog): move cli transcript entry · openclaw/openclaw@c1817c6 fix(agents): normalize cli transcript api field · openclaw/openclaw@3a3fae0 docs(changelog): note cli transcript persistence · openclaw/openclaw@6c343f1 fix(agents): persist cli transcript turns · openclaw/openclaw@b8ef507 fix(msteams): harden security-sensitive flows (#65841) · openclaw/openclaw@c56b56e [Dashboard] Fix exec approval modal overflow for long command content… · openclaw/openclaw@053c5b0 Docs: remove QA changelog entry · openclaw/openclaw@7fd5771 QA: fix private runtime source loading (#67428) · openclaw/openclaw@d5933af docs(gateway): correct protocol.md schema path, hello-ok example, aut… · openclaw/openclaw@489404d CI: pin Node 22 runners to 22.18.0 · openclaw/openclaw@4ffa621 models.authStatus: normalize provider ids + tighten env-backed escape… · openclaw/openclaw@f2fdb9d Update CHANGELOG.md · openclaw/openclaw@7694a92 test(parallels): clean up npm update guard jobs · openclaw/openclaw@045ea7b Plugins: prefer scanDir override paths · openclaw/openclaw@b2974da fix(dreaming): default storage.mode to "separate" so phase blocks sto… · openclaw/openclaw@8c392f0 fix(memory-core): skip dreaming transcript ingestion via session stor… · openclaw/openclaw@a1b01f0 fix: dedupe replayed exec.finished node events (#67281) · openclaw/openclaw@5dcf526
fix(agents): use neutral billing copy for subscription auth (#93763) · openclaw/openclaw@7c97c6d
eldar702 · 2026-06-17 · via Recent Commits to openclaw:main
Original file line numberDiff line numberDiff line change

@@ -39,6 +39,7 @@ export {

3939

listProfilesForProvider,

4040

markAuthProfileSuccess,

4141

removeProviderAuthProfilesWithLock,

42+

resolveSubscriptionAuthModeForProfiles,

4243

setAuthProfileOrder,

4344

upsertAuthProfile,

4445

upsertAuthProfileWithLock,

Original file line numberDiff line numberDiff line change

@@ -19,3 +19,16 @@ export function listProfilesForProvider(store: AuthProfileStore, provider: strin

1919

.filter(([, cred]) => resolveProviderIdForAuth(cred.provider) === providerKey)

2020

.map(([id]) => id);

2121

}

22+
23+

export function resolveSubscriptionAuthModeForProfiles(params: {

24+

store: AuthProfileStore;

25+

profileIds: ReadonlyArray<string | undefined>;

26+

}): "oauth" | "token" | undefined {

27+

for (const profileId of params.profileIds) {

28+

const type = profileId ? params.store.profiles[profileId]?.type : undefined;

29+

if (type === "oauth" || type === "token") {

30+

return type;

31+

}

32+

}

33+

return undefined;

34+

}

Original file line numberDiff line numberDiff line change

@@ -17,7 +17,11 @@ import {

1717

updateAuthProfileStoreWithLock,

1818

} from "./store.js";

1919

import type { AuthProfileCredential, AuthProfileStore, ProfileUsageStats } from "./types.js";

20-

export { dedupeProfileIds, listProfilesForProvider } from "./profile-list.js";

20+

export {

21+

dedupeProfileIds,

22+

listProfilesForProvider,

23+

resolveSubscriptionAuthModeForProfiles,

24+

} from "./profile-list.js";

2125
2226

// Auth profile order/lastGood keys may be stored as aliases. Resolve through

2327

// auth provider normalization before updating per-provider state.

Original file line numberDiff line numberDiff line change

@@ -673,6 +673,38 @@ describe("raw API error payload helpers", () => {

673673

});

674674

});

675675
676+

describe("formatBillingErrorMessage — authMode neutral copy (#80877)", () => {

677+

// OAuth/Max users should NOT see "API key" or "top up" language.

678+

it("returns neutral copy for oauth authMode — no 'API key' text", () => {

679+

const result = formatBillingErrorMessage("Anthropic", "claude-sonnet-4-5", "oauth");

680+

expect(result).not.toMatch(/api key/i);

681+

expect(result).not.toMatch(/top up/i);

682+

expect(result).toContain("check your account");

683+

});

684+
685+

it("returns neutral copy for token authMode — no 'API key' text", () => {

686+

const result = formatBillingErrorMessage("Anthropic", "claude-sonnet-4-5", "token");

687+

expect(result).not.toMatch(/api key/i);

688+

expect(result).not.toMatch(/top up/i);

689+

});

690+
691+

it("REGRESSION: api_key authMode still returns 'API key' copy", () => {

692+

const result = formatBillingErrorMessage("Anthropic", "claude-sonnet-4-5", "api_key");

693+

expect(result).toMatch(/api key/i);

694+

expect(result).toMatch(/top up/i);

695+

});

696+
697+

it("REGRESSION: undefined authMode (legacy call-sites) still returns 'API key' copy", () => {

698+

const result = formatBillingErrorMessage("Anthropic", "claude-sonnet-4-5");

699+

expect(result).toMatch(/api key/i);

700+

});

701+
702+

it("REGRESSION: no-provider call still returns generic 'API key' copy", () => {

703+

const result = formatBillingErrorMessage();

704+

expect(result).toMatch(/api key/i);

705+

});

706+

});

707+
676708

describe("sanitizeUserFacingText — streaming JSON parse error (#59076)", () => {

677709

it("rewrites transport-classified malformed streaming fragments in error context", () => {

678710

const result = sanitizeUserFacingText(MALFORMED_STREAMING_FRAGMENT_ERROR_MESSAGE, {

Original file line numberDiff line numberDiff line change

@@ -1324,7 +1324,15 @@ export function classifyAssistantFailoverReason(

13241324
13251325

export function formatAssistantErrorText(

13261326

msg: AssistantMessage,

1327-

opts?: { cfg?: OpenClawConfig; sessionKey?: string; provider?: string; model?: string },

1327+

opts?: {

1328+

cfg?: OpenClawConfig;

1329+

sessionKey?: string;

1330+

provider?: string;

1331+

model?: string;

1332+

/** Credential auth mode (e.g. "oauth", "token", "api_key", "aws-sdk").

1333+

* When "oauth" or "token", billing copy omits API-key language (#80877). */

1334+

authMode?: string;

1335+

},

13281336

): string | undefined {

13291337

// Also format errors if errorMessage is present, even if stopReason isn't "error"

13301338

const raw = (msg.errorMessage ?? "").trim();

@@ -1481,10 +1489,10 @@ export function formatAssistantErrorText(

14811489

isOpenRouterKeyLimitExceededError(raw, opts?.provider) ||

14821490

isOpenRouterKeyBudgetLimitExceededError(raw, opts?.provider)

14831491

) {

1484-

return formatBillingErrorMessage(opts?.provider, opts?.model ?? msg.model);

1492+

return formatBillingErrorMessage(opts?.provider, opts?.model ?? msg.model, opts?.authMode);

14851493

}

14861494

if (isBilling429MessageForProvider(raw, opts?.provider)) {

1487-

return formatBillingErrorMessage(opts?.provider, opts?.model ?? msg.model);

1495+

return formatBillingErrorMessage(opts?.provider, opts?.model ?? msg.model, opts?.authMode);

14881496

}

14891497
14901498

const transientCopy = formatRateLimitOrOverloadedErrorCopy(raw);

@@ -1506,7 +1514,7 @@ export function formatAssistantErrorText(

15061514

}

15071515
15081516

if (isBillingErrorMessage(raw)) {

1509-

return formatBillingErrorMessage(opts?.provider, opts?.model ?? msg.model);

1517+

return formatBillingErrorMessage(opts?.provider, opts?.model ?? msg.model, opts?.authMode);

15101518

}

15111519
15121520

if (providerRuntimeFailureKind === "schema") {

@@ -1560,7 +1568,14 @@ export function isRawAssistantErrorPassthrough(params: {

15601568
15611569

export function formatUserFacingAssistantErrorText(

15621570

msg: AssistantMessage,

1563-

opts?: { cfg?: OpenClawConfig; sessionKey?: string; provider?: string; model?: string },

1571+

opts?: {

1572+

cfg?: OpenClawConfig;

1573+

sessionKey?: string;

1574+

provider?: string;

1575+

model?: string;

1576+

/** Credential auth mode for billing copy (#80877). */

1577+

authMode?: string;

1578+

},

15641579

): string {

15651580

const friendlyError = formatAssistantErrorText(msg, opts);

15661581

const rawError = msg.errorMessage?.trim();

Original file line numberDiff line numberDiff line change

@@ -34,12 +34,31 @@ import {

3434

isTimeoutErrorMessage,

3535

} from "./failover-matches.js";

3636
37-

/** Format the billing failure copy with optional provider/model context. */

38-

export function formatBillingErrorMessage(provider?: string, model?: string): string {

37+

/** Format the billing failure copy with optional provider/model context.

38+

*

39+

* When `authMode` is `"oauth"` or `"token"` (i.e. Anthropic Max or a static

40+

* bearer-token subscription) the user has no API key to top up, so we emit

41+

* neutral copy that directs them to check their account instead (#80877).

42+

*/

43+

export function formatBillingErrorMessage(

44+

provider?: string,

45+

model?: string,

46+

authMode?: string,

47+

): string {

3948

const providerName = provider?.trim();

4049

const modelName = model?.trim();

4150

const providerLabel =

4251

providerName && modelName ? `${providerName} (${modelName})` : providerName || undefined;

52+
53+

// OAuth and static-token credentials do not have an API key to top up.

54+

const isSubscriptionAuth = authMode === "oauth" || authMode === "token";

55+

if (isSubscriptionAuth) {

56+

if (providerLabel) {

57+

return `⚠️ ${providerLabel} returned a billing error — check your account for subscription or usage limits, then try again.`;

58+

}

59+

return "⚠️ API provider returned a billing error — check your account for subscription or usage limits, then try again.";

60+

}

61+
4362

if (providerLabel) {

4463

return `⚠️ ${providerLabel} returned a billing error — your API key has run out of credits or has an insufficient balance. Check your ${providerName} billing dashboard and top up or switch to a different API key.`;

4564

}

Original file line numberDiff line numberDiff line change

@@ -2660,6 +2660,14 @@ describe("runEmbeddedAgent overflow compaction trigger routing", () => {

26602660

});

26612661
26622662

mockedRunEmbeddedAttempt.mockResolvedValue(makeAttemptResult({ promptError }));

2663+

mockedEnsureAuthProfileStoreWithoutExternalProfiles.mockReturnValue({

2664+

profiles: {

2665+

"test-profile": {

2666+

provider: "anthropic",

2667+

type: "oauth",

2668+

},

2669+

},

2670+

});

26632671

mockedCoerceToFailoverError.mockReturnValue(normalized);

26642672

mockedDescribeFailoverError.mockImplementation((err: unknown) => ({

26652673

message: err instanceof Error ? err.message : String(err),

@@ -2689,6 +2697,7 @@ describe("runEmbeddedAgent overflow compaction trigger routing", () => {

26892697

provider: "anthropic",

26902698

model: "test-model",

26912699

profileId: "test-profile",

2700+

authMode: "oauth",

26922701

});

26932702

expect(mockedResolveFailoverStatus).toHaveBeenCalledWith("rate_limit");

26942703

});

Original file line numberDiff line numberDiff line change

@@ -2142,6 +2142,9 @@ async function runEmbeddedAgentInternal(

21422142

sessionKey: resolvedSessionKey ?? params.sessionId,

21432143

provider: activeErrorContext.provider,

21442144

model: activeErrorContext.model,

2145+

authMode: lastProfileId

2146+

? attemptAuthProfileStore.profiles?.[lastProfileId]?.type

2147+

: undefined,

21452148

})

21462149

: undefined;

21472150

const assistantErrorText =

@@ -2766,10 +2769,14 @@ async function runEmbeddedAgentInternal(

27662769

// promptErrorSource === "compaction" means the model call already completed and the

27672770

// abort happened only while waiting for compaction/retry cleanup. Retrying from here

27682771

// would replay that completed tool turn as a fresh prompt attempt.

2772+

const promptAuthMode = lastProfileId

2773+

? attemptAuthProfileStore.profiles?.[lastProfileId]?.type

2774+

: undefined;

27692775

const normalizedPromptFailover = coerceToFailoverError(promptError, {

27702776

provider: activeErrorContext.provider,

27712777

model: activeErrorContext.model,

27722778

profileId: lastProfileId,

2779+

authMode: promptAuthMode,

27732780

sessionId: sessionIdUsed,

27742781

lane: globalLane,

27752782

});

@@ -2999,6 +3006,7 @@ async function runEmbeddedAgentInternal(

29993006

provider,

30003007

model: modelId,

30013008

profileId: lastProfileId,

3009+

authMode: promptAuthMode,

30023010

sessionId: sessionIdUsed,

30033011

lane: globalLane,

30043012

status,

@@ -3185,6 +3193,9 @@ async function runEmbeddedAgentInternal(

31853193

authFailure,

31863194

rateLimitFailure,

31873195

billingFailure,

3196+

authMode: lastProfileId

3197+

? attemptAuthProfileStore.profiles?.[lastProfileId]?.type

3198+

: undefined,

31883199

cloudCodeAssistFormatError,

31893200

isProbeSession,

31903201

overloadProfileRotations,

@@ -3300,6 +3311,9 @@ async function runEmbeddedAgentInternal(

33003311

sessionKey: params.sessionKey ?? params.sessionId,

33013312

provider: activeErrorContext.provider,

33023313

model: activeErrorContext.model,

3314+

authMode: lastProfileId

3315+

? attemptAuthProfileStore.profiles?.[lastProfileId]?.type

3316+

: undefined,

33033317

verboseLevel: params.verboseLevel,

33043318

reasoningLevel: params.reasoningLevel,

33053319

thinkingLevel: params.thinkLevel,

Original file line numberDiff line numberDiff line change

@@ -143,6 +143,8 @@ export async function handleAssistantFailover(params: {

143143

authFailure: boolean;

144144

rateLimitFailure: boolean;

145145

billingFailure: boolean;

146+

/** Credential auth mode (e.g. "oauth", "token", "api_key") for billing copy (#80877). */

147+

authMode?: string;

146148

cloudCodeAssistFormatError: boolean;

147149

isProbeSession: boolean;

148150

overloadProfileRotations: number;

@@ -331,6 +333,7 @@ export async function handleAssistantFailover(params: {

331333

provider: params.activeErrorContext.provider,

332334

model: params.activeErrorContext.model,

333335

profileId: params.lastProfileId,

336+

authMode: params.authMode,

334337

status,

335338

rawError: params.lastAssistant?.errorMessage?.trim(),

336339

suspend: shouldSuspend,

@@ -362,6 +365,7 @@ export async function handleAssistantFailover(params: {

362365

provider: params.activeErrorContext.provider,

363366

model: params.activeErrorContext.model,

364367

profileId: params.lastProfileId,

368+

authMode: params.authMode,

365369

status,

366370

rawError: params.lastAssistant?.errorMessage?.trim(),

367371

suspend: shouldSuspend,

@@ -386,6 +390,8 @@ function resolveAssistantFailoverErrorMessage(params: {

386390

rateLimitFailure: boolean;

387391

billingFailure: boolean;

388392

authFailure: boolean;

393+

/** Credential auth mode passed through to billing copy formatter (#80877). */

394+

authMode?: string;

389395

}): string {

390396

const timeoutFailure = params.timedOut || params.idleTimedOut;

391397

return (

@@ -395,6 +401,7 @@ function resolveAssistantFailoverErrorMessage(params: {

395401

sessionKey: params.sessionKey,

396402

provider: params.activeErrorContext.provider,

397403

model: params.activeErrorContext.model,

404+

authMode: params.authMode,

398405

})

399406

: undefined) ||

400407

params.lastAssistant?.errorMessage?.trim() ||

@@ -406,6 +413,7 @@ function resolveAssistantFailoverErrorMessage(params: {

406413

? formatBillingErrorMessage(

407414

params.activeErrorContext.provider,

408415

params.activeErrorContext.model,

416+

params.authMode,

409417

)

410418

: params.authFailure

411419

? "LLM request unauthorized."

Original file line numberDiff line numberDiff line change

@@ -2,6 +2,7 @@

22

import type { Model } from "openclaw/plugin-sdk/llm";

33

import { beforeEach, describe, expect, it, vi, type Mock } from "vitest";

44

import type { AuthProfileStore } from "../../auth-profiles.js";

5+

import { FailoverError } from "../../failover-error.js";

56

import type { RuntimeAuthState } from "./helpers.js";

67
78

const mocks = vi.hoisted(() => ({

@@ -95,21 +96,25 @@ function createMutableEmbeddedRunAuthController(params: {

9596

harness: MutableAuthControllerHarness;

9697

setRuntimeApiKey: RuntimeApiKeySetter;

9798

profileCandidates?: string[];

99+

authStore?: AuthProfileStore;

100+

fallbackConfigured?: boolean;

98101

warn?: (message: string) => void;

99102

}) {

100103

return createEmbeddedRunAuthController({

101104

config: undefined,

102105

agentDir: "/tmp/agent",

103106

workspaceDir: "/tmp/workspace",

104-

authStore: {

105-

version: 1,

106-

profiles: {},

107-

} as AuthProfileStore,

107+

authStore:

108+

params.authStore ??

109+

({

110+

version: 1,

111+

profiles: {},

112+

} as AuthProfileStore),

108113

authStorage: { setRuntimeApiKey: params.setRuntimeApiKey },

109114

profileCandidates: params.profileCandidates ?? ["default"],

110115

initialThinkLevel: "medium",

111116

attemptedThinking: new Set(),

112-

fallbackConfigured: false,

117+

fallbackConfigured: params.fallbackConfigured ?? false,

113118

allowTransientCooldownProbe: false,

114119

getProvider: () => "custom-openai",

115120

getModelId: () => "test-model",

@@ -228,6 +233,43 @@ describe("createEmbeddedRunAuthController", () => {

228233

});

229234

});

230235
236+

it("preserves OAuth mode when billing-disabled profiles are all unavailable", async () => {

237+

const harness = createMutableAuthControllerHarness();

238+

const profileId = "custom-openai:oauth";

239+

const controller = createMutableEmbeddedRunAuthController({

240+

harness,

241+

setRuntimeApiKey: vi.fn(),

242+

profileCandidates: [profileId],

243+

fallbackConfigured: true,

244+

authStore: {

245+

version: 1,

246+

profiles: {

247+

[profileId]: {

248+

type: "oauth",

249+

provider: "custom-openai",

250+

access: "access-token",

251+

refresh: "refresh-token",

252+

expires: Date.now() + 60_000,

253+

},

254+

},

255+

usageStats: {

256+

[profileId]: {

257+

disabledUntil: Date.now() + 60_000,

258+

disabledReason: "billing",

259+

},

260+

},

261+

},

262+

});

263+
264+

const error = await controller.initializeAuthProfile().catch((err: unknown) => err);

265+
266+

expect(error).toBeInstanceOf(FailoverError);

267+

expect(error).toMatchObject({

268+

reason: "billing",

269+

authMode: "oauth",

270+

});

271+

});

272+
231273

it("rejects privileged runtime transport overrides on the first auth exchange", async () => {

232274

let runtimeModel = createTestModel();

233275