molecule-ai/molecule-ai-workspace-template-claude-code
35
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
fix/lowercase-org-slug
molecule-ai-workspace-templ.../tests
History
Hongming Wang b9a1fa1b1f
Some checks failed
CI / validate (push) Failing after 0s
Details
CI / Adapter unit tests (push) Failing after 6s
Details
feat: per-vendor env routing for third-party providers (task #244) 
Third-party Anthropic-compat providers (MiniMax, GLM, Kimi, DeepSeek)
all reuse the Anthropic SDK's wire format, which means the claude CLI
and claude-code-sdk read the bearer token from ANTHROPIC_AUTH_TOKEN no
matter which vendor is being talked to. Pre-#244:

  * Canvas surfaced the vendor-specific name (MINIMAX_API_KEY, etc.)
    to the user — so a user who saved only MINIMAX_API_KEY hit a
    silent 401 on first call.
  * The boot audit said `MINIMAX_API_KEY=set`, making it look like an
    SDK bug rather than a routing gap.
  * A user with multiple vendor keys could only run one workspace at a
    time because they all fought over the shared ANTHROPIC_AUTH_TOKEN
    slot.

Diagnostic-only audit logging shipped earlier (#32) but the actual
routing was never written — task #244 was mismarked complete.

Changes:
  * config.yaml: third-party model `required_env` now references the
    per-vendor name (MINIMAX_API_KEY, GLM_API_KEY, KIMI_API_KEY,
    DEEPSEEK_API_KEY) so canvas asks the user for the right key.
    First-party Anthropic models still use ANTHROPIC_AUTH_TOKEN /
    CLAUDE_CODE_OAUTH_TOKEN.
  * config.yaml: each third-party provider's `auth_env` lists the
    vendor name FIRST (priority order) so projection picks the
    vendor key over a stale ANTHROPIC_AUTH_TOKEN.
  * adapter.py: new `_project_vendor_auth(provider)` helper, called
    from `setup()` right after `_resolve_provider`. Idempotent — only
    projects when ANTHROPIC_AUTH_TOKEN is unset (operator override
    always wins). Logs the projection by NAME, never by VALUE
    (mirrors `_audit_auth_env_presence`).
  * tests/test_provider_routing.py: 6 new tests pin the contract —
    vendor-key-set projects, AUTH_TOKEN-already-set is never
    clobbered, first-party providers skip projection, secret value
    never leaks into a log record, empty-string vendor env doesn't
    trigger projection, and the same routing fires for GLM / Kimi /
    DeepSeek.

Mirrors the parallel hermes-side fix from task #249 / hermes PR #38;
keeps the two runtimes' multi-vendor UX in lockstep.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-02 22:20:03 -07:00
..
pytest.ini feat(adapter): pre-validate ANTHROPIC_BASE_URL + missing model combo 2026-04-30 22:35:49 -07:00
test_adapter_logging.py feat(adapter,entrypoint): boot env audit + crash-loop diagnosis logging 2026-05-02 21:41:05 -07:00
test_adapter_prevalidate.py fix(adapter): keep setup() routing — strip prefix only at CLI invocation 2026-05-01 16:46:54 -07:00
test_dev_channels_flag.py fix(executor): pass tagged server:molecule to dev-channels flag 2026-05-01 17:15:49 -07:00
test_provider_routing.py feat: per-vendor env routing for third-party providers (task #244) 2026-05-02 22:20:03 -07:00
test_runtime_wedge_mirror.py chore(executor): runtime_wedge mirror follow-ups from PR #29 review 2026-05-01 18:04:24 -07:00