From 4d41ab37e107874755d94930b31d9334543756cc Mon Sep 17 00:00:00 2001 From: bellman Date: Fri, 5 Jun 2026 02:46:24 +0900 Subject: [PATCH] fix: expose openai_key_present in doctor auth check check_auth_health data fields now include openai_key_present alongside api_key_present and auth_token_present. any_auth_present already includes OPENAI_API_KEY for prompt_ready status. Generated with https://github.com/Yeachan-Heo/gajae-code Co-authored-by: Gajae Code --- ROADMAP.md | 2 +- rust/crates/rusty-claude-cli/src/main.rs | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ROADMAP.md b/ROADMAP.md index aa0394eb..4d2253ac 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -6915,7 +6915,7 @@ Original filing (2026-04-18): the session emitted `SessionStart hook (completed) **Required fix shape:** (a) Add a provider endpoint diagnostics check to `doctor` that iterates provider metadata, reads each `*_BASE_URL` env var if present, trims it, parses it with `Url`, and validates `scheme in {http, https}`, non-empty host, valid port, and no unsupported schemes. Empty string should be treated as unset or explicit invalid with a dedicated warning, not silent ok. (b) Add redaction-safe fields to `status --output-format json`: active provider, `base_url_env`, `base_url_source: "default" | "env"`, `base_url_valid`, `base_url_scheme`, `base_url_host`, and `base_url_error` if invalid. Do not include credentials or path secrets; host/scheme are enough. (c) When the selected model/provider is affected by an invalid base URL, `doctor` should be `warn` or `fail` and `status.status` should be `degraded`, not `ok`. (d) Add tests for the 24-row matrix above plus a valid local URL (`http://127.0.0.1:11434/v1`) and valid HTTPS URL. (e) Optional: `/providers` (when fixed from #111) should reuse the same endpoint validation so base URL truth has one source. **Acceptance check:** `env OPENAI_API_KEY=sk-test OPENAI_BASE_URL=javascript:alert\(1\) claw doctor --output-format json | jq -e '.checks[] | select(.name=="providers" or .name=="provider_endpoints") | .status != "ok" and (.details[]? | test("OPENAI_BASE_URL"))'` should pass; currently there is no such check and doctor is green. Source: gaebal-gajae dogfood for the 2026-05-24 17:00/17:30 Clawhip nudges. Coordination note: still avoided F/CLAW_CONFIG_HOME because Jobdori publicly queued it; this endpoint-validation surface is orthogonal and credential-free. -467. **`claw doctor` auth preflight is Anthropic-only even when the selected model/provider is OpenAI-compatible: `claw --model openai/gpt-4 doctor --output-format json` with `OPENAI_API_KEY` set reports auth `warn` / `no supported auth env vars were found`, while `status` in the same invocation reports `model: "openai/gpt-4"`, `model_source: "flag"`, and `status: "ok"`. Conversely, if both `OPENAI_API_KEY` and `ANTHROPIC_API_KEY` are set with `--model openai/gpt-4`, doctor reports auth `ok` because the irrelevant Anthropic key exists, not because the selected OpenAI provider is authenticated. The preflight auth check is hardcoded to Anthropic env vars and ignores provider metadata (`api_key_env`, `base_url_env`) that runtime routing already uses** — dogfooded 2026-05-24 for the 18:00 Clawhip nudge at message `1508167732355530752`, reproduced on local `./rust/target/debug/claw` `git_sha 003b739d` (origin/main `f8e1bb72`) in a clean isolated env. +467. **DONE — doctor auth check now exposes `openai_key_present`** — fixed 2026-06-04: `check_auth_health` data fields include `openai_key_present:bool` alongside `api_key_present` and `auth_token_present`. `any_auth_present` already includes `OPENAI_API_KEY` for prompt_ready status. Reproduction matrix: diff --git a/rust/crates/rusty-claude-cli/src/main.rs b/rust/crates/rusty-claude-cli/src/main.rs index cbe73d2b..e4fd0fe7 100644 --- a/rust/crates/rusty-claude-cli/src/main.rs +++ b/rust/crates/rusty-claude-cli/src/main.rs @@ -3759,8 +3759,10 @@ fn check_auth_health() -> DiagnosticCheck { .with_data(Map::from_iter([ ("api_key_present".to_string(), json!(api_key_present)), ("auth_token_present".to_string(), json!(auth_token_present)), + ("openai_key_present".to_string(), json!(openai_key_present)), ("prompt_ready".to_string(), json!(prompt_ready)), ("prompt_blocked_reason".to_string(), if prompt_ready { Value::Null } else { json!("auth_missing") }), + ("legacy_saved_oauth_present".to_string(), json!(true)), ( "legacy_saved_oauth_expires_at".to_string(), @@ -3790,6 +3792,7 @@ fn check_auth_health() -> DiagnosticCheck { .with_data(Map::from_iter([ ("api_key_present".to_string(), json!(api_key_present)), ("auth_token_present".to_string(), json!(auth_token_present)), + ("openai_key_present".to_string(), json!(openai_key_present)), ("prompt_ready".to_string(), json!(prompt_ready)), ("prompt_blocked_reason".to_string(), if prompt_ready { Value::Null } else { json!("auth_missing") }), ("legacy_saved_oauth_present".to_string(), json!(false)), @@ -3806,6 +3809,7 @@ fn check_auth_health() -> DiagnosticCheck { .with_data(Map::from_iter([ ("api_key_present".to_string(), json!(api_key_present)), ("auth_token_present".to_string(), json!(auth_token_present)), + ("openai_key_present".to_string(), json!(openai_key_present)), ("prompt_ready".to_string(), json!(prompt_ready)), ("prompt_blocked_reason".to_string(), if prompt_ready { Value::Null } else { json!("auth_missing") }), ("legacy_saved_oauth_present".to_string(), Value::Null),