fix(cli): preserve wizard config + honour custom-provider aliases (#22074, #27132)#28882
Merged
Conversation
Resync the setup wizard's in-memory config after the shared model picker writes to disk so the wizard's final save does not overwrite auxiliary choices or other provider updates.\n\nAdds a regression test for auxiliary task choices saved by the picker.
…for base_url trust (#27132) When config.yaml has provider: ollama (or vllm/llamacpp/llama-cpp) with a non-loopback base_url, auth.py's resolve_provider() correctly normalises the alias to 'custom' at the top level, but two sites in runtime_provider.py were still comparing the *original* string against the literal 'custom': - _config_base_url_trustworthy_for_bare_custom() rejected non-loopback URLs because cfg_provider_norm was 'ollama', not 'custom'. - _resolve_openrouter_runtime() only entered the trust branch when requested_norm == 'custom'. Both sites now consult resolve_provider() and treat any alias that resolves to 'custom' identically. Result: provider: ollama + LAN IP no longer silently falls through to OpenRouter (HTTP 401), matching the behaviour of provider: custom with the same base_url. E2E verified across 6 cases (ollama/vllm/llamacpp/custom + LAN; ollama + loopback; openrouter + cloud) — all route to the configured endpoint; 'frobnicate' + LAN still rejects with AuthError as before. Also adds scripts/release.py AUTHOR_MAP entry for @stepanov1975 (PR #22074 — wizard config picker preservation, cherry-picked into the preceding commit).
Contributor
🚨 CRITICAL Supply Chain Risk DetectedThis PR contains a pattern that has been used in real supply chain attacks. A maintainer must review the flagged code carefully before merging. 🚨 CRITICAL: Install-hook file added or modifiedThese files can execute code during package installation or interpreter startup. Files: Scanner only fires on high-signal indicators: .pth files, base64+exec/eval combos, subprocess with encoded commands, or install-hook files. Low-signal warnings were removed intentionally — if you're seeing this comment, the finding is worth inspecting. |
Contributor
🔎 Lint report:
|
This was referenced May 19, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes two long-standing custom-endpoint persistence bugs that together cause
provider: ollama(or any local-server alias) on a LAN IP to silently 401 against OpenRouter.What changes
1. Wizard re-syncs the full config dict, not just
model+custom_providers— salvage of @stepanov1975's PR #22074.setup.py:setup_model_provider()previously only refreshedmodelandcustom_providersfrom disk after the shared model picker wrote. Any neighbouring section the picker touched (auxiliary,providers,model_aliases,credential_pool_strategies) was then overwritten with stale values by the wizard's finalsave_config(config). The fix is the obviousconfig.clear(); config.update(load_config()).2. Runtime treats
ollama/vllm/llamacpp/llama-cpplikecustomfor base_url trust — closes #27132.auth.resolve_provider()correctly normalises those aliases to"custom"at the top level, but two sites inruntime_provider.pywere still string-comparing the original alias against the literal"custom":_config_base_url_trustworthy_for_bare_custom()rejected non-loopback URLs becausecfg_provider_normwas"ollama", not"custom"._resolve_openrouter_runtime()only entered the trust branch whenrequested_norm == "custom".Both sites now consult
resolve_provider()and treat any alias that resolves to"custom"identically. No duplicated alias map.Without #2, even with #1's wizard fix the user's saved
provider: ollamaconfig would still fall through to OpenRouter at runtime — they're the two halves of the same user-visible bug ("local endpoint selection does not persist → 401 on next start").Validation
E2E (live import, isolated HERMES_HOME, only OPENROUTER_API_KEY set):
provider: ollama+ LAN IPprovider: vllm+ LAN IPprovider: llamacpp+ LAN IPprovider: ollama+ loopbackprovider: custom+ LAN IPprovider: openrouterThree new tests in
test_runtime_provider_resolution.pylock in the alias behaviour as a contract.Credits / supersedes
Closes