Skip to content

Commit 0113e8a

Browse files
yimojclaude
andcommitted
fix(onboard): honour process.env BRAVE_API_KEY in createSandbox (#3626)
The other messaging providers fall back to process.env when the credential store hasn't been written yet, but the Brave token was resolved only via getCredential(). For direct createSandbox() callers (tests, custom wrappers) that pass webSearchConfig without first running configureWebSearch() to persist the key, that dropped a valid BRAVE_API_KEY env var and then tripped the later "not available in this process" abort. Resolve the token with the same env-or-store fallback used elsewhere and reuse it in the pre-create guard so both call sites stay in sync. Signed-off-by: Yimo Jiang <yimoj@nvidia.com> Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 723c5dc commit 0113e8a

1 file changed

Lines changed: 4 additions & 8 deletions

File tree

src/lib/onboard.ts

Lines changed: 4 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -3103,14 +3103,10 @@ async function createSandbox(
31033103
.filter(({ envKey }) => !enabledEnvKeys || enabledEnvKeys.has(envKey))
31043104
.filter(({ envKey }) => !disabledEnvKeys.has(envKey));
31053105

3106+
// Honor process.env fallback so direct createSandbox() callers don't trip the abort.
3107+
const braveApiKey = webSearchConfig ? getCredential(webSearch.BRAVE_API_KEY_ENV) || normalizeCredentialValue(process.env[webSearch.BRAVE_API_KEY_ENV]) : null;
31063108
if (webSearchConfig) {
3107-
// `brave` providerType wires X-Subscription-Token rewrite at egress (#3626).
3108-
messagingTokenDefs.push({
3109-
name: `${sandboxName}-brave-search`,
3110-
envKey: webSearch.BRAVE_API_KEY_ENV,
3111-
token: getCredential(webSearch.BRAVE_API_KEY_ENV),
3112-
providerType: braveProviderProfile.BRAVE_PROVIDER_PROFILE_ID,
3113-
});
3109+
messagingTokenDefs.push({ name: `${sandboxName}-brave-search`, envKey: webSearch.BRAVE_API_KEY_ENV, token: braveApiKey, providerType: braveProviderProfile.BRAVE_PROVIDER_PROFILE_ID });
31143110
}
31153111
const previousProviderCredentialHashes =
31163112
registry.getSandbox(sandboxName)?.providerCredentialHashes ?? {};
@@ -3539,7 +3535,7 @@ async function createSandbox(
35393535
"openclaw-sandbox.yaml",
35403536
);
35413537
const basePolicyPath = (agent && agentOnboard.getAgentPolicyPath(agent)) || defaultPolicyPath;
3542-
if (webSearchConfig && !getCredential(webSearch.BRAVE_API_KEY_ENV)) {
3538+
if (webSearchConfig && !braveApiKey) {
35433539
console.error(" Brave Search is enabled, but BRAVE_API_KEY is not available in this process.");
35443540
console.error(
35453541
" Re-run with BRAVE_API_KEY set, or disable Brave Search before recreating the sandbox.",

0 commit comments

Comments
 (0)