fix(auxiliary.vision): keep named-provider credential pool with custom base_url

[Sanjays2402]

Closes #16290.

Problem

auxiliary.vision configured with provider: zai and a custom base_url (e.g. https://open.bigmodel.cn/api/paas/v4) failed to auto-resolve ZAI_API_KEY from the credential pool — every request hit 401 - {'error': {'code': '401', 'message': '令牌已过期或验证不正确'}}. Workaround was to hardcode api_key in config.yaml.

Root cause is exactly as @hackdion identified: in agent/auxiliary_client.py::resolve_vision_provider_client(), any non-empty resolved_base_url forced the call to resolve_provider_client("custom", ...). That branch only consults OPENAI_API_KEY / explicit_api_key, so the named provider's credential pool (which knows about ZAI_API_KEY, KIMI_API_KEY, etc.) was never asked.

Fix

Three small changes:

1. resolve_vision_provider_client — when a named non-custom provider with credentials in the pool is requested and a custom base_url is supplied, route through the named provider with explicit_base_url. Falls back to the existing "custom" path if the named provider has no key, preserving prior behaviour for OPENAI_API_KEY-only setups.

2. resolve_provider_client (api-key branch) — honour explicit_base_url / explicit_api_key overrides. These were already accepted by the "custom" branch but ignored for named api-key providers.

3. _named_provider_has_credentials(provider) — small helper used by (1) so the routing decision stays cheap (no client construction) and never raises out of the hot path.

The doc'd workaround (hardcoded api_key in config.yaml) still works — when explicit_api_key is supplied the resolver goes straight to the custom path, same as before.

Tests

tests/agent/test_vision_provider_base_url_routing.py — 3 new focused tests:

• test_vision_with_named_provider_and_base_url_routes_through_named_provider — direct repro of [Bug]: auxiliary.vision with provider=zai and custom base_url fails to auto-resolve ZAI_API_KEY #16290: provider="zai" + base_url="open.bigmodel.cn" routes through "zai" (not "custom") and forwards the explicit base_url.
• test_vision_with_base_url_falls_back_to_custom_when_named_provider_has_no_creds — preserves prior behaviour when the credential pool is empty.
• test_vision_with_explicit_api_key_skips_named_provider_routing — preserves the documented hardcoded-key workaround.

pytest tests/agent/test_vision_provider_base_url_routing.py \
       tests/agent/test_vision_resolved_args.py \
       tests/agent/test_auxiliary_client.py \
       tests/agent/test_auxiliary_client_anthropic_custom.py -q
99 passed (95 pre-existing + 4 new)

[alt-glitch]

Related to #16317 and #16308 — all three PRs address the same root cause in resolve_vision_provider_client() dropping named-provider credentials when base_url is set. Fixes #16290.

[teknium1]

This appears to be implemented on current main by a later fix. Automated hermes-sweeper review.

Evidence:

• agent/auxiliary_client.py:4156 now keeps the requested named vision provider when resolved_base_url is set, falling back to custom only for empty/auto provider selection. That means provider: zai + custom base_url routes through resolve_provider_client("zai", explicit_base_url=...) rather than forcing "custom".
• agent/auxiliary_client.py:3803 in the API-key provider branch resolves named-provider credentials and honors explicit_api_key / explicit_base_url before constructing the client.
• tests/agent/test_vision_resolved_args.py:40 covers the ZAI regression: https://open.bigmodel.cn/api/paas/v4 must still call resolve_provider_client with provider "zai" and the explicit base URL.
• The implementation landed in 6cf7a9e330cadabd2a0b7ae21f25dc400fc3aa63 (fix(vision): preserve explicit provider auth with custom base_url) and is contained in release tag v2026.5.7 and later.

Thanks for the focused repro and tests here; the current main fix addresses the same root cause discussed in #16290 and the related PR thread.