























@@ -2,11 +2,13 @@ import type { OpenClawConfig } from "../config/types.openclaw.js";
22import { resolveProviderSyntheticAuthWithPlugin } from "../plugins/provider-runtime.js";
33import type { AuthProfileStore } from "./auth-profiles/types.js";
44import {
5+isKnownEnvApiKeyMarker,
56isNonSecretApiKeyMarker,
67resolveNonEnvSecretRefApiKeyMarker,
78} from "./model-auth-markers.js";
89import {
910listAuthProfilesForProvider,
11+normalizeApiKeyConfig,
1012resolveApiKeyFromCredential,
1113resolveApiKeyFromProfiles,
1214resolveEnvApiKeyVarName,
@@ -61,6 +63,7 @@ export function createProviderApiKeyResolver(
6163const fromConfig = resolveConfigBackedProviderAuth({
6264provider: authProvider,
6365 config,
66+ env,
6467});
6568if (fromConfig?.apiKey) {
6669return {
@@ -145,6 +148,7 @@ export function createProviderAuthResolver(
145148const fromConfig = resolveConfigBackedProviderAuth({
146149provider: authProvider,
147150 config,
151+ env,
148152});
149153if (fromConfig) {
150154return {
@@ -163,7 +167,11 @@ export function createProviderAuthResolver(
163167};
164168}
165169166-function resolveConfigBackedProviderAuth(params: { provider: string; config?: OpenClawConfig }):
170+function resolveConfigBackedProviderAuth(params: {
171+provider: string;
172+config?: OpenClawConfig;
173+env?: NodeJS.ProcessEnv;
174+}):
167175| {
168176apiKey: string;
169177discoveryApiKey?: string;
@@ -182,19 +190,51 @@ function resolveConfigBackedProviderAuth(params: { provider: string; config?: Op
182190},
183191});
184192const apiKey = synthetic?.apiKey?.trim();
185-if (!apiKey) {
193+if (apiKey) {
194+return isNonSecretApiKeyMarker(apiKey)
195+ ? {
196+ apiKey,
197+discoveryApiKey: toDiscoveryApiKey(apiKey),
198+mode: "api_key",
199+source: "config",
200+}
201+ : {
202+apiKey: resolveNonEnvSecretRefApiKeyMarker("file"),
203+discoveryApiKey: toDiscoveryApiKey(apiKey),
204+mode: "api_key",
205+source: "config",
206+};
207+}
208+209+const configuredProvider = params.config?.models?.providers?.[authProvider];
210+if (typeof configuredProvider?.apiKey !== "string") {
211+return undefined;
212+}
213+const configuredApiKey = normalizeApiKeyConfig(configuredProvider.apiKey);
214+if (!configuredApiKey) {
186215return undefined;
187216}
188-return isNonSecretApiKeyMarker(apiKey)
217+if (isKnownEnvApiKeyMarker(configuredApiKey)) {
218+const envValue = params.env?.[configuredApiKey]?.trim();
219+return envValue
220+ ? {
221+apiKey: configuredApiKey,
222+discoveryApiKey: toDiscoveryApiKey(envValue),
223+mode: "api_key",
224+source: "config",
225+}
226+ : undefined;
227+}
228+return isNonSecretApiKeyMarker(configuredApiKey)
189229 ? {
190- apiKey,
191-discoveryApiKey: toDiscoveryApiKey(apiKey),
230+apiKey: configuredApiKey,
231+discoveryApiKey: toDiscoveryApiKey(configuredApiKey),
192232mode: "api_key",
193233source: "config",
194234}
195235 : {
196-apiKey: resolveNonEnvSecretRefApiKeyMarker("file"),
197-discoveryApiKey: toDiscoveryApiKey(apiKey),
236+apiKey: configuredApiKey,
237+discoveryApiKey: toDiscoveryApiKey(configuredApiKey),
198238mode: "api_key",
199239source: "config",
200240};
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。