Skip to content

Subagent fails with volcengine-plan: No API key found for provider 'volcengine-plan' #31731

New issue
New issue
Closed
#31821
Closed
Subagent fails with volcengine-plan: No API key found for provider 'volcengine-plan'#31731
#31821
@garnetlyx

Description

@garnetlyx
garnetlyx
opened on Mar 2, 2026

Bug Report

When configuring Volcano Engine authentication via openclaw configure, the onboarding flow creates a mismatch between the auth profile and the default model:

Item Actual Value Expected Value
Auth Profile volcengine:default volcengine:default
Default Model volcengine-plan/ark-code-latest Should work with above auth ✅

Root Cause

The authentication system has two separate code paths that handle provider normalization differently:

  1. Environment variable lookup (src/agents/model-auth.ts:282-284):

    if (normalized === "volcengine" || normalized === "volcengine-plan") {
  return pick("VOLCANO_ENGINE_API_KEY");
}

    ✅ Correctly handles both providers

  2. Auth profile lookup (src/agents/auth-profiles/profiles.ts:81-86):

    export function listProfilesForProvider(store: AuthProfileStore, provider: string): string[] {
  const providerKey = normalizeProviderId(provider);
  return Object.entries(store.profiles)
    .filter(([, cred]) => normalizeProviderId(cred.provider) === providerKey)
    .map(([id]) => id);
}

    ❌ Does NOT handle the volcenginevolcengine-plan mapping

The credential is stored with provider: "volcengine", but when the model volcengine-plan/ark-code-latest is used, the code looks for credentials with provider: "volcengine-plan" and finds none.

Why This Happens

  • normalizeProviderId (in src/agents/model-selection.ts) does NOT map volcengine-plan to volcengine
  • It only normalizes alternative names like bytedancevolcengine, doubaovolcengine
  • volcengine-plan is treated as a completely separate provider from volcengine in the auth profile system

Impact

When a Subagent runs with model volcengine-plan/ark-code-latest:

  1. resolveApiKeyForProvider is called with provider "volcengine-plan"
  2. listProfilesForProvider(store, "volcengine-plan") returns empty array
  3. No auth profile found → tries env var VOLCANO_ENGINE_API_KEY
  4. If env var not set → throws: 
    No API key found for provider "volcengine-plan"

This affects any user who:

  • Configured Volcano Engine via openclaw configure
  • Has not set the VOLCANO_ENGINE_API_KEY environment variable
  • Uses a Subagent that inherits the default model volcengine-plan/ark-code-latest

Proposed Fix

Add provider group mappings to normalizeProviderId in src/agents/model-selection.ts:

export function normalizeProviderId(provider: string): string {
  const normalized = provider.trim().toLowerCase();
  // ... existing mappings ...

  // Add provider group mappings (consistent with resolveEnvApiKey)
  if (normalized === "volcengine-plan") {
    return "volcengine";
  }
  if (normalized === "byteplus-plan") {
    return "byteplus";
  }

  return normalized;
}

This ensures that volcengine-plan and volcengine are treated as the same provider for authentication purposes, matching the existing behavior in resolveEnvApiKey.

Verification Steps

After implementing the fix:

  1. Run existing tests: pnpm test src/agents/model-auth.*.test.ts
  2. Run onboarding tests: pnpm test src/commands/onboard*.test.ts
  3. Add new test: verify that a credential stored with provider: "volcengine" can be resolved when looking up "volcengine-plan"
  4. Manual test: configure Volcano Engine auth, then run a subagent with volcengine-plan/ark-code-latest model

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions