fix(config): resolve (baseUrl, apiKey) as a tuple, not two independent fields#1658
Merged
Conversation
…t fields When a user sets a custom baseUrl + apiKey in config.json (e.g. routing DeepSeek through new-api or another proxy) but also has a stale env DEEPSEEK_API_KEY left over from a default-endpoint setup, the resolver used to pull baseUrl from one source and apiKey from the other. Result: the request hit the proxy URL with the wrong token and the API returned auth errors with no obvious cause. Reported in #1631, root-caused in #1577 (closed without a fix). - New loadEndpoint() resolves the pair atomically: whichever source defines baseUrl owns apiKey too. 12-factor env-first is preserved (env DEEPSEEK_BASE_URL takes the whole tuple), and the default- endpoint case still does env apiKey > config apiKey. The non-obvious branch is "config sets baseUrl" — config also owns the apiKey there, so a stale env key doesn't bleed into a custom endpoint. - loadApiKey / loadBaseUrl kept as thin wrappers (many call sites only need a presence check); they now return the tuple-resolved value. - New bridgeEndpointEnv() mirrors the resolved tuple into process.env so subprocess constructions and lazy DeepSeekClient instances see the matched pair. Replaces the scattered `process.env.DEEPSEEK_API_KEY = loadApiKey()` bridges across chat/code/run/acp/desktop, which all had the "only env, never both" gap. - Every DeepSeekClient construction site now passes both apiKey and baseUrl explicitly via loadEndpoint() so the tuple semantics apply regardless of the client constructor's env fallback. Tests: new cases cover the bug scenario (config tuple wins over stale env apiKey), env-baseUrl-set tuple, default-endpoint precedence (unchanged from pre-fix), and config baseUrl with missing apiKey (surfaces a clean "no key" error rather than silent wrong-key auth). Closes #1631
esengine
pushed a commit
that referenced
this pull request
May 24, 2026
…moved, persisted usage stats, plan dispatch gate Headline themes: - Desktop: bundle the CLI-hosted React dashboard, retire Tauri+Preact duplicate (#1418) - Config: drop preset abstraction; flash/pro are direct model selections (#1657, #1630) - Stats: persist cumulative usage to session meta + auto-restore on startup (#1667, #1680, #1643, #1628) - Plans: editMode="plan" enforced at the ToolRegistry dispatch gate (#1681); step advance fix (#1629) - Context: fold once at turn start, drop pre-flight + byte-ceiling (#1642, #1646); collapsible compacted card (#1649) - Subagents: per-skill flash/pro override + Settings UI (#1632) - Desktop polish: sidebar drag-resize (#1688), responsive collapse (#1585), copy/edit overlay + msg-history nav (#1645), Esc closes modal not turn (#1685), QQ tab isolation (#1672), DiffCard for edits (#1662), theme-aware highlighting (#1655), system events toggle (#1654/#1650), macOS TCC inheritance (#1614), dashboard.enabled (#1612) - Dashboard polish: persistent session URL (#1586, #1589, #1599), theme-aware highlighting (#1664), IME confirm-enter guard (#1689), code-fence lang fix (#1677), vendor chunk split (#1587), markdown table h-scroll (#1562) - TUI: Alt+S input stash/recall; static history isolated from input rerenders (#1635); legacy mouse drop (#1637, #1648); multi-edit gated in review (#1647) - Diff: SplitDiff column border holds under CJK (#1686) - MCP: workspace roots passed to servers (#1625); codeCommand honors mcpServers (#1603) - Config plumbing: (baseUrl, apiKey) resolved as a tuple (#1658); stale model id self-heal (#1663) See CHANGELOG for the full list.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When a user sets a custom
baseUrl+apiKeyinconfig.json(e.g. routing DeepSeek through new-api or another proxy) but also has a stale envDEEPSEEK_API_KEYleft over from a default-endpoint setup, the resolver pulledbaseUrlfrom one source andapiKeyfrom the other. The request hit the proxy URL with the wrong token and the API returned auth errors with no obvious cause.Reported in #1631. Root-caused in #1577 (closed without a fix — same person hit it again).
Design
12-factor env > config precedence is conventional and worth preserving. The actual bug isn't precedence — it's that
(baseUrl, apiKey)is a logical tuple but the resolver treated them as independent fields, mixing sources across the pair.New
loadEndpoint()resolves the pair atomically:DEEPSEEK_BASE_URLsetbaseUrlWhichever source defines
baseUrlownsapiKeytoo. The non-obvious branch is "config sets baseUrl" — a stale env key doesn't bleed into a custom endpoint.Changes
src/config.ts— newloadEndpoint()(tuple resolver), newbridgeEndpointEnv()(mirrors resolved tuple into env for subprocess constructions); existingloadApiKey/loadBaseUrlkept as thin wrappers.DeepSeekClientconstruction sites (acp.ts,commit.ts,desktop.ts,doctor.ts,run.ts,App.tsx,setup.ts) now pass bothapiKeyandbaseUrlexplicitly vialoadEndpoint()so tuple semantics apply regardless of the client constructor's env fallback.process.env.DEEPSEEK_API_KEY = loadApiKey()bridges acrosschat/code/run/acp/desktopreplaced withbridgeEndpointEnv()— closes the "only env, never both" gap.Test plan
npm run verify— 260 files / 3593 tests passtests/config.test.ts:Closes #1631