



























@@ -1,4 +1,3 @@
1-import fs from "node:fs";
21import path from "node:path";
32import type { Api, Model } from "@mariozechner/pi-ai";
43import * as PiCodingAgent from "@mariozechner/pi-coding-agent";
@@ -11,17 +10,14 @@ import {
1110applyProviderResolvedModelCompatWithPlugins,
1211applyProviderResolvedTransportWithPlugin,
1312normalizeProviderResolvedModelWithPlugin,
14-resolveProviderSyntheticAuthWithPlugin,
1513} from "../plugins/provider-runtime.js";
16-import { resolveRuntimeSyntheticAuthProviderRefs } from "../plugins/synthetic-auth.runtime.js";
1714import { isRecord } from "../utils.js";
15+import type { PiCredentialMap } from "./pi-auth-credentials.js";
1816import {
19-ensureAuthProfileStore,
20-loadAuthProfileStoreForSecretsRuntime,
21-} from "./auth-profiles/store.js";
22-import { resolveProviderEnvApiKeyCandidates } from "./model-auth-env-vars.js";
23-import { resolveEnvApiKey } from "./model-auth-env.js";
24-import { resolvePiCredentialMapFromStore, type PiCredentialMap } from "./pi-auth-credentials.js";
17+resolvePiCredentialsForDiscovery,
18+scrubLegacyStaticAuthJsonEntriesForDiscovery,
19+type DiscoverAuthStorageOptions,
20+} from "./pi-auth-discovery.js";
2521import { normalizeProviderId } from "./provider-id.js";
26222723const PiAuthStorageClass = PiCodingAgent.AuthStorage;
@@ -168,49 +164,6 @@ function createOpenClawModelRegistry(
168164return registry;
169165}
170166171-export function scrubLegacyStaticAuthJsonEntriesForDiscovery(pathname: string): void {
172-if (process.env.OPENCLAW_AUTH_STORE_READONLY === "1") {
173-return;
174-}
175-if (!fs.existsSync(pathname)) {
176-return;
177-}
178-179-let parsed: unknown;
180-try {
181-parsed = JSON.parse(fs.readFileSync(pathname, "utf8")) as unknown;
182-} catch {
183-return;
184-}
185-if (!isRecord(parsed)) {
186-return;
187-}
188-189-let changed = false;
190-for (const [provider, value] of Object.entries(parsed)) {
191-if (!isRecord(value)) {
192-continue;
193-}
194-if (value.type !== "api_key") {
195-continue;
196-}
197-delete parsed[provider];
198-changed = true;
199-}
200-201-if (!changed) {
202-return;
203-}
204-205-if (Object.keys(parsed).length === 0) {
206-fs.rmSync(pathname, { force: true });
207-return;
208-}
209-210-fs.writeFileSync(pathname, `${JSON.stringify(parsed, null, 2)}\n`, "utf8");
211-fs.chmodSync(pathname, 0o600);
212-}
213-214167function createAuthStorage(AuthStorageLike: unknown, path: string, creds: PiCredentialMap) {
215168const withInMemory = AuthStorageLike as { inMemory?: (data?: unknown) => unknown };
216169if (typeof withInMemory.inMemory === "function") {
@@ -256,67 +209,6 @@ function createAuthStorage(AuthStorageLike: unknown, path: string, creds: PiCred
256209return withRuntimeOverride;
257210}
258211259-export function addEnvBackedPiCredentials(
260-credentials: PiCredentialMap,
261-env: NodeJS.ProcessEnv = process.env,
262-): PiCredentialMap {
263-const next = { ...credentials };
264-// pi-coding-agent hides providers from its registry when auth storage lacks
265-// a matching credential entry. Mirror env-backed provider auth here so
266-// live/model discovery sees the same providers runtime auth can use.
267-for (const provider of Object.keys(resolveProviderEnvApiKeyCandidates({ env }))) {
268-if (next[provider]) {
269-continue;
270-}
271-const resolved = resolveEnvApiKey(provider, env);
272-if (!resolved?.apiKey) {
273-continue;
274-}
275-next[provider] = {
276-type: "api_key",
277-key: resolved.apiKey,
278-};
279-}
280-return next;
281-}
282-283-type DiscoverAuthStorageOptions = {
284-readOnly?: boolean;
285-};
286-287-export function resolvePiCredentialsForDiscovery(
288-agentDir: string,
289-options?: DiscoverAuthStorageOptions,
290-): PiCredentialMap {
291-const store =
292-options?.readOnly === true
293- ? loadAuthProfileStoreForSecretsRuntime(agentDir)
294- : ensureAuthProfileStore(agentDir, { allowKeychainPrompt: false });
295-const credentials = addEnvBackedPiCredentials(resolvePiCredentialMapFromStore(store));
296-for (const provider of resolveRuntimeSyntheticAuthProviderRefs()) {
297-if (credentials[provider]) {
298-continue;
299-}
300-const resolved = resolveProviderSyntheticAuthWithPlugin({
301- provider,
302-context: {
303-config: undefined,
304- provider,
305-providerConfig: undefined,
306-},
307-});
308-const apiKey = resolved?.apiKey?.trim();
309-if (!apiKey) {
310-continue;
311-}
312-credentials[provider] = {
313-type: "api_key",
314-key: apiKey,
315-};
316-}
317-return credentials;
318-}
319-320212// Compatibility helpers for pi-coding-agent 0.50+ (discover* helpers removed).
321213export function discoverAuthStorage(
322214agentDir: string,
@@ -342,3 +234,10 @@ export function discoverModels(
342234options,
343235);
344236}
237+238+export {
239+addEnvBackedPiCredentials,
240+resolvePiCredentialsForDiscovery,
241+scrubLegacyStaticAuthJsonEntriesForDiscovery,
242+type DiscoverAuthStorageOptions,
243+} from "./pi-auth-discovery.js";
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。