import { PROVIDER_DEFINITIONS, getProviderDefinition, } from '../../shared/providers/registry'; import type { ProviderAccount, ProviderConfig, ProviderDefinition, ProviderType, } from '../../shared/providers/types'; import { BUILTIN_PROVIDER_TYPES } from '../../shared/providers/types'; import { ensureProviderStoreMigrated } from './provider-migration'; import { deleteProviderAccount, getDefaultProviderAccountId, getProviderAccount, listProviderAccounts, providerAccountToConfig, providerConfigToAccount, saveProviderAccount, setDefaultProviderAccount, } from './provider-store'; import { deleteApiKey, deleteProvider, getApiKey, hasApiKey, setDefaultProvider, storeApiKey, } from '../../utils/secure-storage'; import { getActiveOpenClawProviders, getOpenClawProvidersConfig } from '../../utils/openclaw-auth'; import { getAliasSourceTypes, getOpenClawProviderKeyForType } from '../../utils/provider-keys'; import type { ProviderWithKeyInfo } from '../../shared/providers/types'; import { logger } from '../../utils/logger'; import { YINIAN_MODEL_DEFAULT_BASE_URL, YINIAN_MODEL_DEFAULT_ID, YINIAN_MODEL_PROVIDER_KEY, YINIAN_MODEL_REF, } from '../../../shared/yinian-model'; function maskApiKey(apiKey: string | null): string | null { if (!apiKey) return null; if (apiKey.length > 12) { return `${apiKey.substring(0, 4)}${'*'.repeat(apiKey.length - 8)}${apiKey.substring(apiKey.length - 4)}`; } return '*'.repeat(apiKey.length); } const legacyProviderApiWarned = new Set(); function logLegacyProviderApiUsage(method: string, replacement: string): void { if (legacyProviderApiWarned.has(method)) { return; } legacyProviderApiWarned.add(method); logger.warn( `[provider-migration] Legacy provider API "${method}" is deprecated. Migrate to "${replacement}".`, ); } function inferProviderVendorIdFromOpenClawEntry( key: string, entry: Record, ): ProviderType | 'custom' { if (key === 'minimax-portal') { const baseUrl = typeof entry.baseUrl === 'string' ? entry.baseUrl.toLowerCase() : ''; if (baseUrl.includes('api.minimaxi.com')) { return 'minimax-portal-cn'; } } return ((BUILTIN_PROVIDER_TYPES as readonly string[]).includes(key) ? key : 'custom') as ProviderType | 'custom'; } function isPlaceholderYinianModelAccount(account: ProviderAccount): boolean { const model = account.model?.startsWith(`${YINIAN_MODEL_PROVIDER_KEY}/`) ? account.model : `${YINIAN_MODEL_PROVIDER_KEY}/${account.model ?? ''}`; return account.id === YINIAN_MODEL_PROVIDER_KEY && account.vendorId === 'custom' && account.baseUrl === YINIAN_MODEL_DEFAULT_BASE_URL && model === YINIAN_MODEL_REF; } function isPlaceholderYinianModelEntry( key: string, entry: Record, defaultModel: string | undefined, ): boolean { if (key !== YINIAN_MODEL_PROVIDER_KEY) return false; if (!entry.baseUrl) return true; if (entry.baseUrl !== YINIAN_MODEL_DEFAULT_BASE_URL) return false; const models = Array.isArray(entry.models) ? entry.models : []; const hasPlaceholderModel = models.some((model) => { if (!model || typeof model !== 'object') return false; return (model as Record).id === YINIAN_MODEL_DEFAULT_ID; }); return defaultModel === YINIAN_MODEL_REF || hasPlaceholderModel; } export class ProviderService { async listVendors(): Promise { return PROVIDER_DEFINITIONS; } async listAccounts(): Promise { await ensureProviderStoreMigrated(); // Provider accounts are the settings source of truth. openclaw.json is the // generated runtime output, but we still import from it for older installs. const { providers: openClawProviders, defaultModel } = await getOpenClawProvidersConfig(); const activeProviders = await getActiveOpenClawProviders(); const rawStoreAccounts = await listProviderAccounts(); const allStoreAccounts = rawStoreAccounts .filter((account) => !isPlaceholderYinianModelAccount(account)); const storeByKey = new Map(); for (const account of allStoreAccounts) { const ock = getOpenClawProviderKeyForType(account.vendorId, account.id); const group = storeByKey.get(ock) ?? []; group.push(account); storeByKey.set(ock, group); } const result: ProviderAccount[] = []; const processedKeys = new Set(); const storeKeys = Array.from(storeByKey.keys()); for (const key of storeKeys) { if (processedKeys.has(key)) continue; processedKeys.add(key); const storeGroup = storeByKey.get(key) ?? []; const aliasAccounts = storeGroup.filter((a) => a.vendorId !== key); const candidates = aliasAccounts.length > 0 ? aliasAccounts : storeGroup; candidates.sort((a, b) => b.updatedAt.localeCompare(a.updatedAt)); result.push(candidates[0]); const kept = candidates[0]; for (const account of storeGroup) { if (account.id !== kept.id) { logger.info( `[provider-sync] Removing orphaned account "${account.id}" for key "${key}" (keeping "${kept.id}")`, ); await deleteProviderAccount(account.id); } } } const existingIds = new Set(result.map((account) => account.id)); const existingVendorIds = new Set(result.map((account) => account.vendorId)); for (const key of activeProviders) { if (processedKeys.has(key)) continue; const entry = openClawProviders[key]; if (!entry || isPlaceholderYinianModelEntry(key, entry, defaultModel)) { continue; } const seeded = ProviderService.buildAccountsFromOpenClawEntries( { [key]: entry }, existingIds, existingVendorIds, defaultModel, ); for (const account of seeded) { await saveProviderAccount(account); result.push(account); existingIds.add(account.id); existingVendorIds.add(account.vendorId); logger.info(`[provider-sync] Seeded provider account "${account.id}" from openclaw.json`); } } for (const account of rawStoreAccounts) { if (isPlaceholderYinianModelAccount(account)) { try { await deleteProviderAccount(account.id); } catch (err) { logger.warn(`[provider-sync] Failed to remove placeholder model account "${account.id}":`, err); } } } return result; } /** * Build ProviderAccount objects from OpenClaw config entries, skipping any * whose id or vendorId is already represented by an existing account. */ static buildAccountsFromOpenClawEntries( providers: Record>, existingIds: Set, existingVendorIds: Set, defaultModel: string | undefined, ): ProviderAccount[] { const defaultModelProvider = defaultModel?.includes('/') ? defaultModel.split('/')[0] : undefined; const now = new Date().toISOString(); const built: ProviderAccount[] = []; for (const [key, entry] of Object.entries(providers)) { if (existingIds.has(key)) continue; const vendorId = inferProviderVendorIdFromOpenClawEntry(key, entry); const definition = getProviderDefinition(vendorId === 'custom' ? key : vendorId); // Skip if an account with this vendorId already exists (e.g. user already // created "openrouter-uuid" via UI — no need to import bare "openrouter"). if (existingVendorIds.has(vendorId)) continue; // Skip if an alias source type already exists. // e.g. openclaw.json has "minimax-portal" but account vendorId is "minimax-portal-cn" const aliasSources = getAliasSourceTypes(key); if (aliasSources.some((source) => existingVendorIds.has(source))) { continue; } const baseUrl = typeof entry.baseUrl === 'string' ? entry.baseUrl : definition?.providerConfig?.baseUrl; // Infer model from the default model if it belongs to this provider let model: string | undefined; if (defaultModelProvider === key && defaultModel) { model = defaultModel; } else if (definition?.defaultModelId) { model = definition.defaultModelId; } const account: ProviderAccount = { id: key, vendorId: (vendorId as ProviderAccount['vendorId'] as ProviderType), label: definition?.name ?? key.charAt(0).toUpperCase() + key.slice(1), authMode: definition?.defaultAuthMode ?? 'api_key', baseUrl, apiProtocol: definition?.providerConfig?.api, headers: (entry.headers && typeof entry.headers === 'object' ? (entry.headers as Record) : undefined), model, enabled: true, isDefault: false, createdAt: now, updatedAt: now, }; built.push(account); } return built; } async getAccount(accountId: string): Promise { await ensureProviderStoreMigrated(); return getProviderAccount(accountId); } async getDefaultAccountId(): Promise { await ensureProviderStoreMigrated(); return getDefaultProviderAccountId(); } async createAccount(account: ProviderAccount, apiKey?: string): Promise { await ensureProviderStoreMigrated(); // Only save to providerAccounts store — do NOT call saveProvider() which // writes to the legacy `providers` store and causes phantom/duplicate issues. await saveProviderAccount(account); if (apiKey !== undefined && apiKey.trim()) { await storeApiKey(account.id, apiKey.trim()); } return (await getProviderAccount(account.id)) ?? account; } async updateAccount( accountId: string, patch: Partial, apiKey?: string, ): Promise { await ensureProviderStoreMigrated(); const existing = await getProviderAccount(accountId); if (!existing) { throw new Error('Provider account not found'); } const nextAccount: ProviderAccount = { ...existing, ...patch, id: accountId, updatedAt: patch.updatedAt ?? new Date().toISOString(), }; // Only save to providerAccounts store — skip legacy saveProvider(). await saveProviderAccount(nextAccount); if (apiKey !== undefined) { const trimmedKey = apiKey.trim(); if (trimmedKey) { await storeApiKey(accountId, trimmedKey); } else { await deleteApiKey(accountId); } } return (await getProviderAccount(accountId)) ?? nextAccount; } async deleteAccount(accountId: string): Promise { await ensureProviderStoreMigrated(); return deleteProvider(accountId); } /** * @deprecated Use listAccounts() and map account data in callers. */ async listLegacyProviders(): Promise { logLegacyProviderApiUsage('listLegacyProviders', 'listAccounts'); const accounts = await this.listAccounts(); return accounts.map(providerAccountToConfig); } /** * @deprecated Use listAccounts() + secret-store based key summary. */ async listLegacyProvidersWithKeyInfo(): Promise { logLegacyProviderApiUsage('listLegacyProvidersWithKeyInfo', 'listAccounts'); const providers = await this.listLegacyProviders(); const results: ProviderWithKeyInfo[] = []; for (const provider of providers) { const apiKey = await getApiKey(provider.id); results.push({ ...provider, hasKey: !!apiKey, keyMasked: maskApiKey(apiKey), }); } return results; } /** * @deprecated Use getAccount(accountId). */ async getLegacyProvider(providerId: string): Promise { logLegacyProviderApiUsage('getLegacyProvider', 'getAccount'); await ensureProviderStoreMigrated(); const account = await getProviderAccount(providerId); return account ? providerAccountToConfig(account) : null; } /** * @deprecated Use createAccount()/updateAccount(). */ async saveLegacyProvider(config: ProviderConfig): Promise { logLegacyProviderApiUsage('saveLegacyProvider', 'createAccount/updateAccount'); await ensureProviderStoreMigrated(); const account = providerConfigToAccount(config); const existing = await getProviderAccount(config.id); if (existing) { await this.updateAccount(config.id, account); return; } await this.createAccount(account); } /** * @deprecated Use deleteAccount(accountId). */ async deleteLegacyProvider(providerId: string): Promise { logLegacyProviderApiUsage('deleteLegacyProvider', 'deleteAccount'); await ensureProviderStoreMigrated(); await this.deleteAccount(providerId); return true; } /** * @deprecated Use setDefaultAccount(accountId). */ async setDefaultLegacyProvider(providerId: string): Promise { logLegacyProviderApiUsage('setDefaultLegacyProvider', 'setDefaultAccount'); await this.setDefaultAccount(providerId); } /** * @deprecated Use getDefaultAccountId(). */ async getDefaultLegacyProvider(): Promise { logLegacyProviderApiUsage('getDefaultLegacyProvider', 'getDefaultAccountId'); return this.getDefaultAccountId(); } /** * @deprecated Use secret-store APIs by accountId. */ async setLegacyProviderApiKey(providerId: string, apiKey: string): Promise { logLegacyProviderApiUsage('setLegacyProviderApiKey', 'setProviderSecret(accountId, api_key)'); return storeApiKey(providerId, apiKey); } /** * @deprecated Use secret-store APIs by accountId. */ async getLegacyProviderApiKey(providerId: string): Promise { logLegacyProviderApiUsage('getLegacyProviderApiKey', 'getProviderSecret(accountId)'); return getApiKey(providerId); } /** * @deprecated Use secret-store APIs by accountId. */ async deleteLegacyProviderApiKey(providerId: string): Promise { logLegacyProviderApiUsage('deleteLegacyProviderApiKey', 'deleteProviderSecret(accountId)'); return deleteApiKey(providerId); } /** * @deprecated Use secret-store APIs by accountId. */ async hasLegacyProviderApiKey(providerId: string): Promise { logLegacyProviderApiUsage('hasLegacyProviderApiKey', 'getProviderSecret(accountId)'); return hasApiKey(providerId); } async setDefaultAccount(accountId: string): Promise { await ensureProviderStoreMigrated(); await setDefaultProviderAccount(accountId); await setDefaultProvider(accountId); } getVendorDefinition(vendorId: string): ProviderDefinition | undefined { return getProviderDefinition(vendorId); } } const providerService = new ProviderService(); export function getProviderService(): ProviderService { return providerService; }