Skip to content

fix(agent): disambiguate credential pool key lookup when multiple providers share the same base_url (#19083)#19122

Closed
Bartok9 wants to merge 0 commit into
NousResearch:mainfrom
Bartok9:fix/19083-credential-pool-provider-name
Closed

fix(agent): disambiguate credential pool key lookup when multiple providers share the same base_url (#19083)#19122
Bartok9 wants to merge 0 commit into
NousResearch:mainfrom
Bartok9:fix/19083-credential-pool-provider-name

Conversation

@Bartok9

@Bartok9 Bartok9 commented May 3, 2026

Copy link
Copy Markdown
Contributor

Problem

When multiple custom_providers share the same base_url, get_custom_provider_pool_key(base_url) always returns the pool key for the first matching entry. Any other provider at that URL gets the wrong credentials. This is P1 — silently uses the wrong API key.

# Before — always matches provider-a even when provider-b is active
def get_custom_provider_pool_key(base_url: str) -> Optional[str]:
    for norm_name, entry in _iter_custom_providers():
        if entry_url == normalized_url:
            return f"custom:{norm_name}"  # ← first match wins

Fix

Add an optional provider_name parameter. When provided, name-first lookup resolves the correct entry regardless of shared URLs:

def get_custom_provider_pool_key(
    base_url: str, provider_name: Optional[str] = None
) -> Optional[str]:
    # Fast path: match by name when the caller knows which provider is active.
    if provider_name:
        normalized_name = _normalize_custom_pool_name(provider_name)
        for norm_name, entry in _iter_custom_providers():
            if norm_name == normalized_name:
                return f"custom:{norm_name}"
        # Fall through to URL matching as best-effort fallback
    ...

Call site in seed_custom_provider_pool updated to pass model.name as the hint.

Backward compat: All existing callers that only pass base_url get the original first-match behaviour — no change for single-provider setups.

Tests

test_get_custom_provider_pool_key_disambiguates_shared_base_url covers:

  • Two providers at the same URL each resolve to their own pool key with name hint
  • Name matching is case/whitespace insensitive
  • Unknown name falls back to URL match
  • Name-only lookup works when base_url is empty

All existing test_get_custom_provider_pool_key assertions still pass.

Fixes #19083

@alt-glitch alt-glitch added type/bug Something isn't working P2 Medium — degraded but workaround exists comp/agent Core agent loop, run_agent.py, prompt builder area/auth Authentication, OAuth, credential pools labels May 3, 2026
@alt-glitch

alt-glitch commented May 3, 2026

Copy link
Copy Markdown
Collaborator

Likely duplicate of #14142 / #14141 — same root cause: credential pool keyed by base_url returns first-match when multiple custom_providers share the same URL. This PR adds name-based disambiguation to get_custom_provider_pool_key(). Also related to #19083 (the issue this fixes, which was itself flagged as dup of #14141).

@alt-glitch

alt-glitch commented May 3, 2026

Copy link
Copy Markdown
Collaborator

Likely duplicate of #14142 / #14141

@alt-glitch alt-glitch mentioned this pull request May 4, 2026
Closed
@Bartok9 Bartok9 closed this May 5, 2026
@Bartok9 Bartok9 force-pushed the fix/19083-credential-pool-provider-name branch from 34b7a44 to af312cc Compare May 5, 2026 20:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/auth Authentication, OAuth, credential pools comp/agent Core agent loop, run_agent.py, prompt builder P2 Medium — degraded but workaround exists type/bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Credential pool key mix-up when multiple custom providers share the same base_url

2 participants

@Bartok9 @alt-glitch