Conversation
OpenClaw sends different auth headers based on API type: - openai-completions: Authorization: Bearer <apiKey> - anthropic-messages: x-api-key: <apiKey> The keyring-proxy now accepts both authentication methods, fixing 401 "Missing authorization" errors for Anthropic and Venice providers. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
OpenClaw's anthropic-messages API includes /v1 in its request path, so the vendor basePath should be empty to avoid double /v1/v1 in the forwarded URL. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
BotMaker was hardcoding 'openai-responses' API type for all providers. Now correctly maps: - openai → openai-responses - anthropic → anthropic-messages - venice → openai-completions (OpenAI-compatible) - google → google-gemini Added tests for anthropic and venice proxy configurations. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add OpenRouter as a new provider with curated model list - Add keyHint field to provider configs for API key format hints - Dynamic API key placeholder in AddKeyForm based on selected provider - Update Venice model list with current recommended models Provider key hints: - OpenAI: sk-... - Anthropic: sk-ant-... - Google: AIza... - Venice: VENICE-INFERENCE-KEY-... - OpenRouter: sk-or-... Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
This pull request enhances multi-provider AI support by adding OpenRouter as a new provider, implementing provider-specific API type mappings for OpenClaw, and improving authentication flexibility in the proxy to support both Bearer token and x-api-key authentication methods.
Changes:
- Added dynamic API type mapping for AI providers (anthropic-messages, google-gemini, openai-completions) to ensure correct OpenClaw configuration
- Extended proxy authentication to accept both Authorization (Bearer) and x-api-key headers for bot authentication
- Added OpenRouter as a new AI provider with model selections and updated proxy configuration
- Implemented provider-specific key hint placeholders in the dashboard to guide users on correct API key formats
- Updated Anthropic proxy basePath to accommodate OpenClaw's anthropic-messages API path structure
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| src/bots/templates.ts | Adds getApiTypeForProvider function to map providers to OpenClaw API types, ensuring proper configuration when bots use proxy |
| src/bots/templates.test.ts | Adds tests verifying anthropic-messages and openai-completions API types are correctly configured for proxy usage |
| proxy/src/types.ts | Updates anthropic basePath to empty string (from /v1) and adds openrouter vendor configuration |
| proxy/src/routes/proxy.ts | Extends bot authentication to accept both Bearer tokens and x-api-key headers for OpenClaw compatibility |
| dashboard/src/secrets/AddKeyForm.tsx | Updates API key input placeholder to use provider-specific hints via getKeyHint function |
| dashboard/src/config/providers/venice.ts | Adds Kimi K2.5 model and VENICE-INFERENCE-KEY hint |
| dashboard/src/config/providers/types.ts | Adds optional keyHint field to ProviderConfig interface |
| dashboard/src/config/providers/openrouter.ts | Creates new OpenRouter provider configuration with model list and key hint |
| dashboard/src/config/providers/openai.ts | Adds keyHint field for OpenAI API keys |
| dashboard/src/config/providers/index.ts | Exports getKeyHint function and adds openrouter to PROVIDERS array |
| dashboard/src/config/providers/google.ts | Adds keyHint field for Google API keys |
| dashboard/src/config/providers/anthropic.ts | Adds keyHint field for Anthropic API keys |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| case 'google': | ||
| return 'google-gemini'; |
There was a problem hiding this comment.
The getApiTypeForProvider function now includes a mapping for 'google' to 'google-gemini' (line 62-63), but there is no test coverage for this case. While anthropic and venice API types are tested in templates.test.ts lines 154-178 and 180-198, the google provider should also have a test to verify the google-gemini API type is correctly set when using proxy configuration.
| case 'google': | ||
| return 'google-gemini'; | ||
| case 'venice': | ||
| case 'openrouter': |
There was a problem hiding this comment.
The getApiTypeForProvider function adds support for 'openrouter' (line 65) which maps to 'openai-completions', but there is no test coverage for this new provider. While it shares the same API type as venice, adding a dedicated test would ensure the openrouter provider is correctly handled in proxy configurations, consistent with the test pattern established for other providers in templates.test.ts.
| anthropic: { | ||
| host: 'api.anthropic.com', | ||
| basePath: '/v1', | ||
| basePath: '', // OpenClaw's anthropic-messages API includes /v1 in its path |
There was a problem hiding this comment.
The anthropic basePath has been changed from '/v1' to an empty string to accommodate OpenClaw's anthropic-messages API type, which already includes /v1 in its request paths. While this change is coordinated with the getApiTypeForProvider function in templates.ts, it could be a breaking change for any existing Anthropic bots that were created before this update. These existing bots would have been configured with the old basePath and might fail if the paths are constructed differently. Consider documenting this as a breaking change or providing a migration path for existing deployments.
|
|
||
| const auth = req.headers.authorization; | ||
| if (!auth?.startsWith('Bearer ')) { | ||
| if (auth?.startsWith('Bearer ')) { |
There was a problem hiding this comment.
The authorization header extraction on line 29 doesn't check if the header value is a string before calling startsWith. While HTTP headers can be string or string arrays in Node.js/Fastify, calling startsWith on an array would cause a runtime error. Consider adding a type check similar to the x-api-key handling on line 32, for example: 'if (typeof auth === 'string' && auth.startsWith('Bearer '))'.
| if (auth?.startsWith('Bearer ')) { | |
| if (typeof auth === 'string' && auth.startsWith('Bearer ')) { |
| } else if (req.headers['x-api-key'] && typeof req.headers['x-api-key'] === 'string') { | ||
| botToken = req.headers['x-api-key']; |
There was a problem hiding this comment.
The code now accepts bot authentication via the x-api-key header (line 32-33), but this header is not being removed before forwarding to the upstream provider in the forwardToUpstream function. The authorization header is removed in upstream.ts line 37, but x-api-key is not. This means if a bot authenticates with x-api-key and the request is forwarded to Anthropic (which also uses x-api-key for authentication), the bot's authentication token would be sent to Anthropic instead of the real API key. The x-api-key header should also be deleted in upstream.ts alongside the authorization header removal.
| } else if (req.headers['x-api-key'] && typeof req.headers['x-api-key'] === 'string') { | ||
| botToken = req.headers['x-api-key']; | ||
| } |
There was a problem hiding this comment.
The new x-api-key authentication path added in lines 32-34 lacks test coverage. The proxy/src/routes/ directory has comprehensive tests for admin.ts but no tests for proxy.ts. Consider adding tests to verify that x-api-key authentication works correctly for bot authentication, especially since this is a security-critical code path.
2 participants
No description provided.