Description
When using a non-Anthropic provider that uses the anthropic-messages API (e.g. Xiaomi MiMo), the Anthropic SDK automatically reads the ANTHROPIC_AUTH_TOKEN environment variable and sends it as an Authorization: Bearer header alongside the x-api-key header.
This causes 401 Invalid API Key errors when both headers carry different keys:
x-api-key: sk-e07jt... ← correct provider key (from XIAOMI_API_KEY)
Authorization: Bearer sk-2U6m... ← unrelated key (from ANTHROPIC_AUTH_TOKEN, set by another tool)
The Xiaomi API rejects the request because of conflicting credentials.
Steps to reproduce
- Set
XIAOMI_API_KEY to a valid Xiaomi MiMo API key
- Set
ANTHROPIC_AUTH_TOKEN to a different key (e.g. from Claude Code CLI)
- Start pi and select
xiaomi/mimo-v2.5-pro as the model
- Send any message → 401 Invalid API Key
Root Cause
In createClient() in packages/ai/src/providers/anthropic.ts, the API key auth branch passes apiKey to the Anthropic SDK but does not explicitly set authToken: null:
- Cloudflare branch:
authToken: null ✅
- Copilot branch:
authToken: apiKey ✅
- OAuth branch:
authToken: apiKey ✅
- API key auth branch: missing
authToken: null ❌
Suggested fix
Add authToken: null to the API key auth branch:
// API key auth
const client = new Anthropic({
apiKey,
+ authToken: null,
baseURL: model.baseUrl,
...
});This matches the pattern already used in the Cloudflare branch and tells the SDK not to read ANTHROPIC_AUTH_TOKEN from the environment when using explicit API key authentication.
Environment
- pi version: 0.74.0
- OS: Linux
- Provider: xiaomi
- Model: mimo-v2.5-pro
Description
When using a non-Anthropic provider that uses the
anthropic-messagesAPI (e.g. Xiaomi MiMo), the Anthropic SDK automatically reads theANTHROPIC_AUTH_TOKENenvironment variable and sends it as anAuthorization: Bearerheader alongside thex-api-keyheader.This causes 401 Invalid API Key errors when both headers carry different keys:
The Xiaomi API rejects the request because of conflicting credentials.
Steps to reproduce
XIAOMI_API_KEYto a valid Xiaomi MiMo API keyANTHROPIC_AUTH_TOKENto a different key (e.g. from Claude Code CLI)xiaomi/mimo-v2.5-proas the modelRoot Cause
In
createClient()inpackages/ai/src/providers/anthropic.ts, the API key auth branch passesapiKeyto the Anthropic SDK but does not explicitly setauthToken: null:authToken: null✅authToken: apiKey✅authToken: apiKey✅authToken: null❌Suggested fix
Add
authToken: nullto the API key auth branch:// API key auth const client = new Anthropic({ apiKey, + authToken: null, baseURL: model.baseUrl, ... });This matches the pattern already used in the Cloudflare branch and tells the SDK not to read
ANTHROPIC_AUTH_TOKENfrom the environment when using explicit API key authentication.Environment