import fs from "node:fs/promises"; import path from "node:path"; import { setTimeout as delay } from "node:timers/promises"; import { beforeAll, describe, expect, it, vi } from "vitest"; import { MINIMAX_API_BASE_URL, MINIMAX_CN_API_BASE_URL, ZAI_CODING_CN_BASE_URL, ZAI_CODING_GLOBAL_BASE_URL, ZAI_GLOBAL_BASE_URL, } from "../plugins/provider-model-definitions.js"; import { makeTempWorkspace } from "../test-helpers/workspace.js"; import { withEnvAsync } from "../test-utils/env.js"; import { createThrowingRuntime, readJsonFile, type NonInteractiveRuntime, } from "./onboard-non-interactive.test-helpers.js"; import { OPENAI_DEFAULT_MODEL } from "./openai-model-default.js"; type OnboardEnv = { configPath: string; runtime: NonInteractiveRuntime; }; type FetchLike = (input: RequestInfo | URL, init?: RequestInit) => Promise; const ensureWorkspaceAndSessionsMock = vi.hoisted(() => vi.fn(async (..._args: unknown[]) => {})); vi.mock("./onboard-helpers.js", async (importOriginal) => { const actual = await importOriginal(); return { ...actual, ensureWorkspaceAndSessions: ensureWorkspaceAndSessionsMock, }; }); const { runNonInteractiveSetup } = await import("./onboard-non-interactive.js"); const NON_INTERACTIVE_DEFAULT_OPTIONS = { nonInteractive: true, skipHealth: true, skipChannels: true, json: true, } as const; let ensureAuthProfileStore: typeof import("../agents/auth-profiles.js").ensureAuthProfileStore; let upsertAuthProfile: typeof import("../agents/auth-profiles.js").upsertAuthProfile; type ProviderAuthConfigSnapshot = { auth?: { profiles?: Record }; agents?: { defaults?: { model?: { primary?: string } } }; models?: { providers?: Record< string, { baseUrl?: string; api?: string; apiKey?: string | { source?: string; id?: string }; models?: Array<{ id?: string }>; } >; }; }; function createZaiFetchMock(responses: Record): FetchLike { return vi.fn(async (input, init) => { const url = typeof input === "string" ? input : input instanceof URL ? input.toString() : ""; const parsedBody = typeof init?.body === "string" ? (JSON.parse(init.body) as { model?: string }) : {}; const key = `${url}::${parsedBody.model ?? ""}`; const status = responses[key] ?? 404; return new Response( JSON.stringify( status === 200 ? { ok: true } : { error: { code: "unsupported", message: "unsupported" } }, ), { status, headers: { "content-type": "application/json" }, }, ); }); } async function withZaiProbeFetch( responses: Record, run: (fetchMock: FetchLike) => Promise, ): Promise { const originalVitest = process.env.VITEST; delete process.env.VITEST; const fetchMock = createZaiFetchMock(responses); vi.stubGlobal("fetch", fetchMock); try { return await run(fetchMock); } finally { vi.unstubAllGlobals(); if (originalVitest === undefined) { delete process.env.VITEST; } else { process.env.VITEST = originalVitest; } } } async function removeDirWithRetry(dir: string): Promise { for (let attempt = 0; attempt < 5; attempt += 1) { try { await fs.rm(dir, { recursive: true, force: true }); return; } catch (error) { const code = (error as NodeJS.ErrnoException).code; const isTransient = code === "ENOTEMPTY" || code === "EBUSY" || code === "EPERM"; if (!isTransient || attempt === 4) { throw error; } await delay(10 * (attempt + 1)); } } } async function withOnboardEnv( prefix: string, run: (ctx: OnboardEnv) => Promise, ): Promise { const tempHome = await makeTempWorkspace(prefix); const configPath = path.join(tempHome, "openclaw.json"); const runtime = createThrowingRuntime(); try { await withEnvAsync( { HOME: tempHome, OPENCLAW_STATE_DIR: tempHome, OPENCLAW_CONFIG_PATH: configPath, OPENCLAW_SKIP_CHANNELS: "1", OPENCLAW_SKIP_GMAIL_WATCHER: "1", OPENCLAW_SKIP_CRON: "1", OPENCLAW_SKIP_CANVAS_HOST: "1", OPENCLAW_GATEWAY_TOKEN: undefined, OPENCLAW_GATEWAY_PASSWORD: undefined, CUSTOM_API_KEY: undefined, OPENCLAW_DISABLE_CONFIG_CACHE: "1", }, async () => { await run({ configPath, runtime }); }, ); } finally { await removeDirWithRetry(tempHome); } } async function runNonInteractiveSetupWithDefaults( runtime: NonInteractiveRuntime, options: Record, ): Promise { await runNonInteractiveSetup( { ...NON_INTERACTIVE_DEFAULT_OPTIONS, ...options, }, runtime, ); } async function runOnboardingAndReadConfig( env: OnboardEnv, options: Record, ): Promise { await runNonInteractiveSetupWithDefaults(env.runtime, { skipSkills: true, ...options, }); return readJsonFile(env.configPath); } const CUSTOM_LOCAL_BASE_URL = "https://models.custom.local/v1"; const CUSTOM_LOCAL_MODEL_ID = "local-large"; const CUSTOM_LOCAL_PROVIDER_ID = "custom-models-custom-local"; async function runCustomLocalNonInteractive( runtime: NonInteractiveRuntime, overrides: Record = {}, ): Promise { await runNonInteractiveSetupWithDefaults(runtime, { authChoice: "custom-api-key", customBaseUrl: CUSTOM_LOCAL_BASE_URL, customModelId: CUSTOM_LOCAL_MODEL_ID, skipSkills: true, ...overrides, }); } async function readCustomLocalProviderApiKey(configPath: string): Promise { const cfg = await readJsonFile(configPath); const apiKey = cfg.models?.providers?.[CUSTOM_LOCAL_PROVIDER_ID]?.apiKey; return typeof apiKey === "string" ? apiKey : undefined; } async function readCustomLocalProviderApiKeyInput( configPath: string, ): Promise { const cfg = await readJsonFile(configPath); return cfg.models?.providers?.[CUSTOM_LOCAL_PROVIDER_ID]?.apiKey; } async function expectApiKeyProfile(params: { profileId: string; provider: string; key: string; metadata?: Record; }): Promise { const store = ensureAuthProfileStore(); const profile = store.profiles[params.profileId]; expect(profile?.type).toBe("api_key"); if (profile?.type === "api_key") { expect(profile.provider).toBe(params.provider); expect(profile.key).toBe(params.key); if (params.metadata) { expect(profile.metadata).toEqual(params.metadata); } } } describe("onboard (non-interactive): provider auth", () => { beforeAll(async () => { ({ ensureAuthProfileStore, upsertAuthProfile } = await import("../agents/auth-profiles.js")); }); it("stores MiniMax API key and uses global baseUrl by default", async () => { await withOnboardEnv("openclaw-onboard-minimax-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "minimax-global-api", minimaxApiKey: "sk-minimax-test", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["minimax:global"]?.provider).toBe("minimax"); expect(cfg.auth?.profiles?.["minimax:global"]?.mode).toBe("api_key"); expect(cfg.models?.providers?.minimax?.baseUrl).toBe(MINIMAX_API_BASE_URL); expect(cfg.agents?.defaults?.model?.primary).toBe("minimax/MiniMax-M2.7"); await expectApiKeyProfile({ profileId: "minimax:global", provider: "minimax", key: "sk-minimax-test", }); }); }); it("supports MiniMax CN API endpoint auth choice", async () => { await withOnboardEnv("openclaw-onboard-minimax-cn-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "minimax-cn-api", minimaxApiKey: "sk-minimax-test", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["minimax:cn"]?.provider).toBe("minimax"); expect(cfg.auth?.profiles?.["minimax:cn"]?.mode).toBe("api_key"); expect(cfg.models?.providers?.minimax?.baseUrl).toBe(MINIMAX_CN_API_BASE_URL); expect(cfg.agents?.defaults?.model?.primary).toBe("minimax/MiniMax-M2.7"); await expectApiKeyProfile({ profileId: "minimax:cn", provider: "minimax", key: "sk-minimax-test", }); }); }); it("stores Z.AI API key and uses global baseUrl by default", async () => { await withZaiProbeFetch( { [`${ZAI_GLOBAL_BASE_URL}/chat/completions::glm-5`]: 200, }, async (fetchMock) => await withOnboardEnv("openclaw-onboard-zai-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "zai-api-key", zaiApiKey: "zai-test-key", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["zai:default"]?.provider).toBe("zai"); expect(cfg.auth?.profiles?.["zai:default"]?.mode).toBe("api_key"); expect(cfg.models?.providers?.zai?.baseUrl).toBe(ZAI_GLOBAL_BASE_URL); expect(cfg.agents?.defaults?.model?.primary).toBe("zai/glm-5"); expect(fetchMock).toHaveBeenCalled(); await expectApiKeyProfile({ profileId: "zai:default", provider: "zai", key: "zai-test-key", }); }), ); }); it("supports Z.AI CN coding endpoint auth choice", async () => { await withZaiProbeFetch( { [`${ZAI_CODING_CN_BASE_URL}/chat/completions::glm-5`]: 404, [`${ZAI_CODING_CN_BASE_URL}/chat/completions::glm-4.7`]: 200, }, async (fetchMock) => await withOnboardEnv("openclaw-onboard-zai-cn-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "zai-coding-cn", zaiApiKey: "zai-test-key", // pragma: allowlist secret }); expect(cfg.models?.providers?.zai?.baseUrl).toBe(ZAI_CODING_CN_BASE_URL); expect(cfg.agents?.defaults?.model?.primary).toBe("zai/glm-4.7"); expect(fetchMock).toHaveBeenCalled(); }), ); }); it("supports Z.AI Coding Plan global endpoint with GLM-5 when available", async () => { await withZaiProbeFetch( { [`${ZAI_CODING_GLOBAL_BASE_URL}/chat/completions::glm-5`]: 200, }, async (fetchMock) => await withOnboardEnv("openclaw-onboard-zai-coding-global-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "zai-coding-global", zaiApiKey: "zai-test-key", // pragma: allowlist secret }); expect(cfg.models?.providers?.zai?.baseUrl).toBe(ZAI_CODING_GLOBAL_BASE_URL); expect(cfg.agents?.defaults?.model?.primary).toBe("zai/glm-5"); expect(fetchMock).toHaveBeenCalled(); }), ); }); it("stores xAI API key and sets default model", async () => { await withOnboardEnv("openclaw-onboard-xai-", async (env) => { const rawKey = "xai-test-\r\nkey"; const cfg = await runOnboardingAndReadConfig(env, { authChoice: "xai-api-key", xaiApiKey: rawKey, }); expect(cfg.auth?.profiles?.["xai:default"]?.provider).toBe("xai"); expect(cfg.auth?.profiles?.["xai:default"]?.mode).toBe("api_key"); expect(cfg.agents?.defaults?.model?.primary).toBe("xai/grok-4"); await expectApiKeyProfile({ profileId: "xai:default", provider: "xai", key: "xai-test-key" }); }); }); it("infers Mistral auth choice from --mistral-api-key and sets default model", async () => { await withOnboardEnv("openclaw-onboard-mistral-infer-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { mistralApiKey: "mistral-test-key", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["mistral:default"]?.provider).toBe("mistral"); expect(cfg.auth?.profiles?.["mistral:default"]?.mode).toBe("api_key"); expect(cfg.agents?.defaults?.model?.primary).toBe("mistral/mistral-large-latest"); await expectApiKeyProfile({ profileId: "mistral:default", provider: "mistral", key: "mistral-test-key", }); }); }); it("stores Volcano Engine API key and sets default model", async () => { await withOnboardEnv("openclaw-onboard-volcengine-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "volcengine-api-key", volcengineApiKey: "volcengine-test-key", // pragma: allowlist secret }); expect(cfg.agents?.defaults?.model?.primary).toBe("volcengine-plan/ark-code-latest"); }); }); it("infers BytePlus auth choice from --byteplus-api-key and sets default model", async () => { await withOnboardEnv("openclaw-onboard-byteplus-infer-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { byteplusApiKey: "byteplus-test-key", // pragma: allowlist secret }); expect(cfg.agents?.defaults?.model?.primary).toBe("byteplus-plan/ark-code-latest"); }); }); it("stores Vercel AI Gateway API key and sets default model", async () => { await withOnboardEnv("openclaw-onboard-ai-gateway-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "ai-gateway-api-key", aiGatewayApiKey: "gateway-test-key", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["vercel-ai-gateway:default"]?.provider).toBe("vercel-ai-gateway"); expect(cfg.auth?.profiles?.["vercel-ai-gateway:default"]?.mode).toBe("api_key"); expect(cfg.agents?.defaults?.model?.primary).toBe( "vercel-ai-gateway/anthropic/claude-opus-4.6", ); await expectApiKeyProfile({ profileId: "vercel-ai-gateway:default", provider: "vercel-ai-gateway", key: "gateway-test-key", }); }); }); it("stores token auth profile", async () => { await withOnboardEnv("openclaw-onboard-token-", async ({ configPath, runtime }) => { const cleanToken = `sk-ant-oat01-${"a".repeat(80)}`; const token = `${cleanToken.slice(0, 30)}\r${cleanToken.slice(30)}`; await runNonInteractiveSetupWithDefaults(runtime, { authChoice: "token", tokenProvider: "anthropic", token, tokenProfileId: "anthropic:default", }); const cfg = await readJsonFile(configPath); expect(cfg.auth?.profiles?.["anthropic:default"]?.provider).toBe("anthropic"); expect(cfg.auth?.profiles?.["anthropic:default"]?.mode).toBe("token"); const store = ensureAuthProfileStore(); const profile = store.profiles["anthropic:default"]; expect(profile?.type).toBe("token"); if (profile?.type === "token") { expect(profile.provider).toBe("anthropic"); expect(profile.token).toBe(cleanToken); } }); }); it("stores OpenAI API key and sets OpenAI default model", async () => { await withOnboardEnv("openclaw-onboard-openai-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "openai-api-key", openaiApiKey: "sk-openai-test", // pragma: allowlist secret }); expect(cfg.agents?.defaults?.model?.primary).toBe(OPENAI_DEFAULT_MODEL); }); }); it.each([ { name: "anthropic", prefix: "openclaw-onboard-ref-flag-anthropic-", authChoice: "apiKey", optionKey: "anthropicApiKey", flagName: "--anthropic-api-key", envVar: "ANTHROPIC_API_KEY", }, { name: "openai", prefix: "openclaw-onboard-ref-flag-openai-", authChoice: "openai-api-key", optionKey: "openaiApiKey", flagName: "--openai-api-key", envVar: "OPENAI_API_KEY", }, { name: "openrouter", prefix: "openclaw-onboard-ref-flag-openrouter-", authChoice: "openrouter-api-key", optionKey: "openrouterApiKey", flagName: "--openrouter-api-key", envVar: "OPENROUTER_API_KEY", }, { name: "xai", prefix: "openclaw-onboard-ref-flag-xai-", authChoice: "xai-api-key", optionKey: "xaiApiKey", flagName: "--xai-api-key", envVar: "XAI_API_KEY", }, { name: "volcengine", prefix: "openclaw-onboard-ref-flag-volcengine-", authChoice: "volcengine-api-key", optionKey: "volcengineApiKey", flagName: "--volcengine-api-key", envVar: "VOLCANO_ENGINE_API_KEY", }, { name: "byteplus", prefix: "openclaw-onboard-ref-flag-byteplus-", authChoice: "byteplus-api-key", optionKey: "byteplusApiKey", flagName: "--byteplus-api-key", envVar: "BYTEPLUS_API_KEY", }, ])( "fails fast for $name when --secret-input-mode ref uses explicit key without env and does not leak the key", async ({ prefix, authChoice, optionKey, flagName, envVar }) => { await withOnboardEnv(prefix, async ({ runtime }) => { const providedSecret = `${envVar.toLowerCase()}-should-not-leak`; // pragma: allowlist secret const options: Record = { authChoice, secretInputMode: "ref", // pragma: allowlist secret [optionKey]: providedSecret, skipSkills: true, }; const envOverrides: Record = { [envVar]: undefined, }; await withEnvAsync(envOverrides, async () => { let thrown: Error | undefined; try { await runNonInteractiveSetupWithDefaults(runtime, options); } catch (error) { thrown = error as Error; } expect(thrown).toBeDefined(); const message = String(thrown?.message ?? ""); expect(message).toContain( `${flagName} cannot be used with --secret-input-mode ref unless ${envVar} is set in env.`, ); expect(message).toContain( `Set ${envVar} in env and omit ${flagName}, or use --secret-input-mode plaintext.`, ); expect(message).not.toContain(providedSecret); }); }); }, ); it("stores the detected env alias as keyRef for both OpenCode runtime providers", async () => { await withOnboardEnv("openclaw-onboard-ref-opencode-alias-", async ({ runtime }) => { await withEnvAsync( { OPENCODE_API_KEY: undefined, OPENCODE_ZEN_API_KEY: "opencode-zen-env-key", // pragma: allowlist secret }, async () => { await runNonInteractiveSetupWithDefaults(runtime, { authChoice: "opencode-zen", secretInputMode: "ref", // pragma: allowlist secret skipSkills: true, }); const store = ensureAuthProfileStore(); for (const profileId of ["opencode:default", "opencode-go:default"]) { const profile = store.profiles[profileId]; expect(profile?.type).toBe("api_key"); if (profile?.type === "api_key") { expect(profile.key).toBeUndefined(); expect(profile.keyRef).toEqual({ source: "env", provider: "default", id: "OPENCODE_ZEN_API_KEY", }); } } }, ); }); }); it("configures vLLM via the provider plugin in non-interactive mode", async () => { await withOnboardEnv("openclaw-onboard-vllm-non-interactive-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "vllm", customBaseUrl: "http://127.0.0.1:8100/v1", customApiKey: "vllm-test-key", // pragma: allowlist secret customModelId: "Qwen/Qwen3-8B", }); expect(cfg.auth?.profiles?.["vllm:default"]?.provider).toBe("vllm"); expect(cfg.auth?.profiles?.["vllm:default"]?.mode).toBe("api_key"); expect(cfg.models?.providers?.vllm).toEqual({ baseUrl: "http://127.0.0.1:8100/v1", api: "openai-completions", apiKey: "VLLM_API_KEY", models: [ expect.objectContaining({ id: "Qwen/Qwen3-8B", }), ], }); expect(cfg.agents?.defaults?.model?.primary).toBe("vllm/Qwen/Qwen3-8B"); await expectApiKeyProfile({ profileId: "vllm:default", provider: "vllm", key: "vllm-test-key", }); }); }); it("configures SGLang via the provider plugin in non-interactive mode", async () => { await withOnboardEnv("openclaw-onboard-sglang-non-interactive-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "sglang", customBaseUrl: "http://127.0.0.1:31000/v1", customApiKey: "sglang-test-key", // pragma: allowlist secret customModelId: "Qwen/Qwen3-32B", }); expect(cfg.auth?.profiles?.["sglang:default"]?.provider).toBe("sglang"); expect(cfg.auth?.profiles?.["sglang:default"]?.mode).toBe("api_key"); expect(cfg.models?.providers?.sglang).toEqual({ baseUrl: "http://127.0.0.1:31000/v1", api: "openai-completions", apiKey: "SGLANG_API_KEY", models: [ expect.objectContaining({ id: "Qwen/Qwen3-32B", }), ], }); expect(cfg.agents?.defaults?.model?.primary).toBe("sglang/Qwen/Qwen3-32B"); await expectApiKeyProfile({ profileId: "sglang:default", provider: "sglang", key: "sglang-test-key", }); }); }); it("stores LiteLLM API key and sets default model", async () => { await withOnboardEnv("openclaw-onboard-litellm-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { authChoice: "litellm-api-key", litellmApiKey: "litellm-test-key", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["litellm:default"]?.provider).toBe("litellm"); expect(cfg.auth?.profiles?.["litellm:default"]?.mode).toBe("api_key"); expect(cfg.agents?.defaults?.model?.primary).toBe("litellm/claude-opus-4-6"); await expectApiKeyProfile({ profileId: "litellm:default", provider: "litellm", key: "litellm-test-key", }); }); }); it.each([ { name: "stores Cloudflare AI Gateway API key and metadata", prefix: "openclaw-onboard-cf-gateway-", options: { authChoice: "cloudflare-ai-gateway-api-key", }, }, { name: "infers Cloudflare auth choice from API key flags", prefix: "openclaw-onboard-cf-gateway-infer-", options: {}, }, ])("$name", async ({ prefix, options }) => { await withOnboardEnv(prefix, async ({ configPath, runtime }) => { await runNonInteractiveSetupWithDefaults(runtime, { cloudflareAiGatewayAccountId: "cf-account-id", cloudflareAiGatewayGatewayId: "cf-gateway-id", cloudflareAiGatewayApiKey: "cf-gateway-test-key", // pragma: allowlist secret skipSkills: true, ...options, }); const cfg = await readJsonFile(configPath); expect(cfg.auth?.profiles?.["cloudflare-ai-gateway:default"]?.provider).toBe( "cloudflare-ai-gateway", ); expect(cfg.auth?.profiles?.["cloudflare-ai-gateway:default"]?.mode).toBe("api_key"); expect(cfg.agents?.defaults?.model?.primary).toBe("cloudflare-ai-gateway/claude-sonnet-4-5"); await expectApiKeyProfile({ profileId: "cloudflare-ai-gateway:default", provider: "cloudflare-ai-gateway", key: "cf-gateway-test-key", metadata: { accountId: "cf-account-id", gatewayId: "cf-gateway-id" }, }); }); }); it("infers Together auth choice from --together-api-key and sets default model", async () => { await withOnboardEnv("openclaw-onboard-together-infer-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { togetherApiKey: "together-test-key", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["together:default"]?.provider).toBe("together"); expect(cfg.auth?.profiles?.["together:default"]?.mode).toBe("api_key"); expect(cfg.agents?.defaults?.model?.primary).toBe("together/moonshotai/Kimi-K2.5"); await expectApiKeyProfile({ profileId: "together:default", provider: "together", key: "together-test-key", }); }); }); it("infers QIANFAN auth choice from --qianfan-api-key and sets default model", async () => { await withOnboardEnv("openclaw-onboard-qianfan-infer-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { qianfanApiKey: "qianfan-test-key", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["qianfan:default"]?.provider).toBe("qianfan"); expect(cfg.auth?.profiles?.["qianfan:default"]?.mode).toBe("api_key"); expect(cfg.agents?.defaults?.model?.primary).toBe("qianfan/deepseek-v3.2"); await expectApiKeyProfile({ profileId: "qianfan:default", provider: "qianfan", key: "qianfan-test-key", }); }); }); it("infers Model Studio auth choice from --modelstudio-api-key and sets default model", async () => { await withOnboardEnv("openclaw-onboard-modelstudio-infer-", async (env) => { const cfg = await runOnboardingAndReadConfig(env, { modelstudioApiKey: "modelstudio-test-key", // pragma: allowlist secret }); expect(cfg.auth?.profiles?.["modelstudio:default"]?.provider).toBe("modelstudio"); expect(cfg.auth?.profiles?.["modelstudio:default"]?.mode).toBe("api_key"); expect(cfg.models?.providers?.modelstudio?.baseUrl).toBe( "https://coding-intl.dashscope.aliyuncs.com/v1", ); expect(cfg.agents?.defaults?.model?.primary).toBe("modelstudio/qwen3.5-plus"); await expectApiKeyProfile({ profileId: "modelstudio:default", provider: "modelstudio", key: "modelstudio-test-key", }); }); }); it("configures a custom provider from non-interactive flags", async () => { await withOnboardEnv("openclaw-onboard-custom-provider-", async ({ configPath, runtime }) => { await runNonInteractiveSetupWithDefaults(runtime, { authChoice: "custom-api-key", customBaseUrl: "https://llm.example.com/v1", customApiKey: "custom-test-key", // pragma: allowlist secret customModelId: "foo-large", customCompatibility: "anthropic", skipSkills: true, }); const cfg = await readJsonFile(configPath); const provider = cfg.models?.providers?.["custom-llm-example-com"]; expect(provider?.baseUrl).toBe("https://llm.example.com/v1"); expect(provider?.api).toBe("anthropic-messages"); expect(provider?.apiKey).toBe("custom-test-key"); expect(provider?.models?.some((model) => model.id === "foo-large")).toBe(true); expect(cfg.agents?.defaults?.model?.primary).toBe("custom-llm-example-com/foo-large"); }); }); it("infers custom provider auth choice from custom flags", async () => { await withOnboardEnv( "openclaw-onboard-custom-provider-infer-", async ({ configPath, runtime }) => { await runNonInteractiveSetupWithDefaults(runtime, { customBaseUrl: "https://models.custom.local/v1", customModelId: "local-large", customApiKey: "custom-test-key", // pragma: allowlist secret skipSkills: true, }); const cfg = await readJsonFile(configPath); expect(cfg.models?.providers?.["custom-models-custom-local"]?.baseUrl).toBe( "https://models.custom.local/v1", ); expect(cfg.models?.providers?.["custom-models-custom-local"]?.api).toBe( "openai-completions", ); expect(cfg.agents?.defaults?.model?.primary).toBe("custom-models-custom-local/local-large"); }, ); }); it("uses CUSTOM_API_KEY env fallback for non-interactive custom provider auth", async () => { await withOnboardEnv( "openclaw-onboard-custom-provider-env-fallback-", async ({ configPath, runtime }) => { process.env.CUSTOM_API_KEY = "custom-env-key"; // pragma: allowlist secret await runCustomLocalNonInteractive(runtime); expect(await readCustomLocalProviderApiKey(configPath)).toBe("custom-env-key"); }, ); }); it("stores CUSTOM_API_KEY env ref for non-interactive custom provider auth in ref mode", async () => { await withOnboardEnv( "openclaw-onboard-custom-provider-env-ref-", async ({ configPath, runtime }) => { process.env.CUSTOM_API_KEY = "custom-env-key"; // pragma: allowlist secret await runCustomLocalNonInteractive(runtime, { secretInputMode: "ref", // pragma: allowlist secret }); expect(await readCustomLocalProviderApiKeyInput(configPath)).toEqual({ source: "env", provider: "default", id: "CUSTOM_API_KEY", }); }, ); }); it("fails fast for custom provider ref mode when --custom-api-key is set but CUSTOM_API_KEY env is missing", async () => { await withOnboardEnv("openclaw-onboard-custom-provider-ref-flag-", async ({ runtime }) => { const providedSecret = "custom-inline-key-should-not-leak"; // pragma: allowlist secret await withEnvAsync({ CUSTOM_API_KEY: undefined }, async () => { let thrown: Error | undefined; try { await runCustomLocalNonInteractive(runtime, { secretInputMode: "ref", // pragma: allowlist secret customApiKey: providedSecret, }); } catch (error) { thrown = error as Error; } expect(thrown).toBeDefined(); const message = String(thrown?.message ?? ""); expect(message).toContain( "--custom-api-key cannot be used with --secret-input-mode ref unless CUSTOM_API_KEY is set in env.", ); expect(message).toContain( "Set CUSTOM_API_KEY in env and omit --custom-api-key, or use --secret-input-mode plaintext.", ); expect(message).not.toContain(providedSecret); }); }); }); it("uses matching profile fallback for non-interactive custom provider auth", async () => { await withOnboardEnv( "openclaw-onboard-custom-provider-profile-fallback-", async ({ configPath, runtime }) => { upsertAuthProfile({ profileId: `${CUSTOM_LOCAL_PROVIDER_ID}:default`, credential: { type: "api_key", provider: CUSTOM_LOCAL_PROVIDER_ID, key: "custom-profile-key", }, }); await runCustomLocalNonInteractive(runtime); expect(await readCustomLocalProviderApiKey(configPath)).toBe("custom-profile-key"); }, ); }); it("fails custom provider auth when compatibility is invalid", async () => { await withOnboardEnv( "openclaw-onboard-custom-provider-invalid-compat-", async ({ runtime }) => { await expect( runNonInteractiveSetupWithDefaults(runtime, { authChoice: "custom-api-key", customBaseUrl: "https://models.custom.local/v1", customModelId: "local-large", customCompatibility: "xmlrpc", skipSkills: true, }), ).rejects.toThrow('Invalid --custom-compatibility (use "openai" or "anthropic").'); }, ); }); it("fails custom provider auth when explicit provider id is invalid", async () => { await withOnboardEnv("openclaw-onboard-custom-provider-invalid-id-", async ({ runtime }) => { await expect( runNonInteractiveSetupWithDefaults(runtime, { authChoice: "custom-api-key", customBaseUrl: "https://models.custom.local/v1", customModelId: "local-large", customProviderId: "!!!", skipSkills: true, }), ).rejects.toThrow( "Invalid custom provider config: Custom provider ID must include letters, numbers, or hyphens.", ); }); }); it("fails inferred custom auth when required flags are incomplete", async () => { await withOnboardEnv( "openclaw-onboard-custom-provider-missing-required-", async ({ runtime }) => { await expect( runNonInteractiveSetupWithDefaults(runtime, { customApiKey: "custom-test-key", // pragma: allowlist secret skipSkills: true, }), ).rejects.toThrow('Auth choice "custom-api-key" requires a base URL and model ID.'); }, ); }); });