[Bug] kimi-coding provider fails authentication due to incorrect User-Agent header

[Amineelfarssi]

Bug Report: kimi-coding provider fails authentication due to incorrect User-Agent header

Description

The kimi-coding provider is documented and configurable in OpenClaw, but API requests fail authentication for subscription users. The Kimi Code API requires User-Agent: claude-code/0.1.0 header for subscription authentication, but OpenClaw sends User-Agent: OpenClaw-Gateway/1.0 (or similar generic agent string).

Expected Behavior

Configuring provider kimi-coding with a valid Kimi Code Plan subscription API key should authenticate successfully and allow model usage.

Actual Behavior

API requests are rejected or treated as unauthorized. The model either:

• Falls back to the default model silently
• Fails with authentication errors
• Behaves as if using pay-per-use instead of subscription

Steps to Reproduce

1. Subscribe to Kimi Code Plan ($20/month) at https://www.kimi.com/code/en
2. Get API key from https://www.kimi.com/code/en (different from Moonshot API key)
3. Configure OpenClaw:

{
  models: {
    providers: {
      "kimi-coding": {
        baseUrl: "https://api.kimi.com/coding/v1",
        apiKey: "${KIMI_API_KEY}",
        api: "openai-completions",
        models: [{
          id: "k2p5",
          name: "Kimi K2.5 (Code)",
          contextWindow: 256000
        }]
      }
    }
  }
}

4. Try to use the model: /model kimi-coding/k2p5
5. Send a message

Result: Request fails or falls back to different model.

Root Cause Analysis

Kimi Code API validates the User-Agent header for subscription authentication. It specifically requires:

User-Agent: claude-code/0.1.0

OpenClaw currently sends its own User-Agent (e.g., OpenClaw-Gateway/1.0), which the Kimi Code API does not recognize as a valid subscription client.

Workaround (Current)

Users must run a local proxy to inject the correct header:

# Proxy on localhost:8787 adds User-Agent: claude-code/0.1.0
# OpenClaw configured to use http://localhost:8787/v1

This adds unnecessary complexity and latency.

Proposed Fix

Option A (Minimal): Hardcode User-Agent: claude-code/0.1.0 for the kimi-coding provider specifically.

Option B (Flexible): Allow custom headers in provider config:

"kimi-coding": {
  baseUrl: "https://api.kimi.com/coding/v1",
  apiKey: "${KIMI_API_KEY}",
  headers: {
    "User-Agent": "claude-code/0.1.0"
  }
}

Related Issues

This may explain reports of /model kimi-coding/k2p5 "silently failing" — the auth is rejected but OpenClaw falls back to default model without clear error messaging.

Environment

• OpenClaw version: 2026.2.19-2 (and likely others)
• Provider: kimi-coding
• Authentication: Kimi Code Plan subscription (not Moonshot pay-per-use)

Additional Context

• Kimi Code API endpoint: https://api.kimi.com/coding/v1
• Kimi Code and Moonshot are separate services with different API keys
• Documentation for kimi-coding provider exists but doesn't mention this requirement

[vincentkoc]

Closing this in favor of a narrower fix PR that targets the concrete OpenClaw change discussed here.

What is being changed:

• the built-in kimi-coding provider now sends User-Agent: claude-code/0.1.0 by default
• explicit provider headers still override the built-in default, so users can set a different User-Agent or add extra headers if needed
• regression coverage was added for both the built-in provider config and the resolved-model header merge path

PR: #44248

If Kimi subscription auth still fails after a build that includes #44248, please open a fresh follow-up with the exact version/commit and the provider config you used.

[HenryLoenwind]

Huh. I've been using Kimi Coding for weeks, never had an auth issue. I suspect the issue is the user overconfiguring their provider. Not configuring a provider section in the config and simply supplying the key via an environment variable works fine.