fix: expose openai_key_present in doctor auth check

check_auth_health data fields now include openai_key_present alongside api_key_present and auth_token_present. any_auth_present already includes OPENAI_API_KEY for prompt_ready status. Generated with https://github.com/Yeachan-Heo/gajae-code Co-authored-by: Gajae Code <dev@gajae-code.com>
2026-06-05 14:07:11 +08:00 · 2026-06-05 02:46:24 +09:00
parent 662a50bdc0
commit 4d41ab37e1
2 changed files with 5 additions and 1 deletions
--- a/ROADMAP.md
+++ b/ROADMAP.md
@@ -6915,7 +6915,7 @@ Original filing (2026-04-18): the session emitted `SessionStart hook (completed)

    **Required fix shape:** (a) Add a provider endpoint diagnostics check to `doctor` that iterates provider metadata, reads each `*_BASE_URL` env var if present, trims it, parses it with `Url`, and validates `scheme in {http, https}`, non-empty host, valid port, and no unsupported schemes. Empty string should be treated as unset or explicit invalid with a dedicated warning, not silent ok. (b) Add redaction-safe fields to `status --output-format json`: active provider, `base_url_env`, `base_url_source: "default" | "env"`, `base_url_valid`, `base_url_scheme`, `base_url_host`, and `base_url_error` if invalid. Do not include credentials or path secrets; host/scheme are enough. (c) When the selected model/provider is affected by an invalid base URL, `doctor` should be `warn` or `fail` and `status.status` should be `degraded`, not `ok`. (d) Add tests for the 24-row matrix above plus a valid local URL (`http://127.0.0.1:11434/v1`) and valid HTTPS URL. (e) Optional: `/providers` (when fixed from #111) should reuse the same endpoint validation so base URL truth has one source. **Acceptance check:** `env OPENAI_API_KEY=sk-test OPENAI_BASE_URL=javascript:alert\(1\) claw doctor --output-format json | jq -e '.checks[] | select(.name=="providers" or .name=="provider_endpoints") | .status != "ok" and (.details[]? | test("OPENAI_BASE_URL"))'` should pass; currently there is no such check and doctor is green. Source: gaebal-gajae dogfood for the 2026-05-24 17:00/17:30 Clawhip nudges. Coordination note: still avoided F/CLAW_CONFIG_HOME because Jobdori publicly queued it; this endpoint-validation surface is orthogonal and credential-free.

-467. **`claw doctor` auth preflight is Anthropic-only even when the selected model/provider is OpenAI-compatible: `claw --model openai/gpt-4 doctor --output-format json` with `OPENAI_API_KEY` set reports auth `warn` / `no supported auth env vars were found`, while `status` in the same invocation reports `model: "openai/gpt-4"`, `model_source: "flag"`, and `status: "ok"`. Conversely, if both `OPENAI_API_KEY` and `ANTHROPIC_API_KEY` are set with `--model openai/gpt-4`, doctor reports auth `ok` because the irrelevant Anthropic key exists, not because the selected OpenAI provider is authenticated. The preflight auth check is hardcoded to Anthropic env vars and ignores provider metadata (`api_key_env`, `base_url_env`) that runtime routing already uses** — dogfooded 2026-05-24 for the 18:00 Clawhip nudge at message `1508167732355530752`, reproduced on local `./rust/target/debug/claw` `git_sha 003b739d` (origin/main `f8e1bb72`) in a clean isolated env.
+467. **DONE — doctor auth check now exposes `openai_key_present`** — fixed 2026-06-04: `check_auth_health` data fields include `openai_key_present:bool` alongside `api_key_present` and `auth_token_present`. `any_auth_present` already includes `OPENAI_API_KEY` for prompt_ready status.

    Reproduction matrix:

--- a/rust/crates/rusty-claude-cli/src/main.rs
+++ b/rust/crates/rusty-claude-cli/src/main.rs
@@ -3759,8 +3759,10 @@ fn check_auth_health() -> DiagnosticCheck {
        .with_data(Map::from_iter([
            ("api_key_present".to_string(), json!(api_key_present)),
            ("auth_token_present".to_string(), json!(auth_token_present)),
+            ("openai_key_present".to_string(), json!(openai_key_present)),
            ("prompt_ready".to_string(), json!(prompt_ready)),
            ("prompt_blocked_reason".to_string(), if prompt_ready { Value::Null } else { json!("auth_missing") }),
+
            ("legacy_saved_oauth_present".to_string(), json!(true)),
            (
                "legacy_saved_oauth_expires_at".to_string(),
@@ -3790,6 +3792,7 @@ fn check_auth_health() -> DiagnosticCheck {
        .with_data(Map::from_iter([
            ("api_key_present".to_string(), json!(api_key_present)),
            ("auth_token_present".to_string(), json!(auth_token_present)),
+            ("openai_key_present".to_string(), json!(openai_key_present)),
            ("prompt_ready".to_string(), json!(prompt_ready)),
            ("prompt_blocked_reason".to_string(), if prompt_ready { Value::Null } else { json!("auth_missing") }),
            ("legacy_saved_oauth_present".to_string(), json!(false)),
@@ -3806,6 +3809,7 @@ fn check_auth_health() -> DiagnosticCheck {
        .with_data(Map::from_iter([
            ("api_key_present".to_string(), json!(api_key_present)),
            ("auth_token_present".to_string(), json!(auth_token_present)),
+            ("openai_key_present".to_string(), json!(openai_key_present)),
            ("prompt_ready".to_string(), json!(prompt_ready)),
            ("prompt_blocked_reason".to_string(), if prompt_ready { Value::Null } else { json!("auth_missing") }),
            ("legacy_saved_oauth_present".to_string(), Value::Null),