fix(google-vertex): support production ADC modes

[damianFelixPago]

Summary

• Allow native api: "google-vertex" configs through model API validation.
• Preserve inherited provider-level api: "google-vertex" during inline model materialization.
• Extend the existing Google Vertex ADC helper beyond authorized_user files by falling back to google-auth-library for production ADC modes, including GKE Workload Identity / metadata-server ADC, external_account, service_account, Cloud Run, GAE, and Compute Engine.
• Wire the explicit Vertex transport before request-time ADC probing so default metadata-server ADC is not blocked by a sync env heuristic.

Why

OpenClaw already has a native Google Vertex transport: model.api === "google-vertex" selects the Vertex transport path. The previous ADC preflight and token resolver only accepted authorized_user credentials files, which preserved the local gcloud auth application-default login case but rejected common production GCP auth shapes before the native Vertex transport could run.

Production GCP deployments commonly rely on metadata server ADC, GKE Workload Identity, Workload Identity Federation (external_account), or service account credentials rather than a static Gemini API key or a user ADC file. This patch keeps the existing authorized_user refresh behavior intact and adds the standard google-auth-library ADC chain for the other supported runtime modes.

Related upstream work

This PR is scoped as a production ADC completion for the existing native Google Vertex path, not as a new Vertex provider.

• Feature Request: Add Google Vertex AI support with ADC authentication #9729 requested Google Vertex ADC support and was closed as implemented.
• feat(google): add Google Vertex AI provider with ADC auth and global endpoint routing #60860 is a broader Google Vertex provider PR that also touches ADC and endpoint routing.
• [codex] allow native google-vertex model provider configs #74914 adds api: "google-vertex" schema/config support, but is still open. This PR includes the schema allowance and also preserves provider-level inherited api: "google-vertex" in normalizeResolvedTransportApi, since adding to MODEL_APIS alone only covers explicit model-level config.
• Feat/google genai sdk as common provider across Google AI Studio and Google Cloud #65023 tracks a broader google-genai SDK provider direction.

Real behavior proof

Behavior addressed: Google Vertex requests using the existing native google-vertex transport can use production ADC instead of requiring a Gemini/Google API key or a local authorized_user ADC file.

Real environment tested: GKE-hosted OpenClaw deployment using metadata-server ADC / Workload Identity with no static GOOGLE_API_KEY, no GEMINI_API_KEY, and no GOOGLE_APPLICATION_CREDENTIALS file on the gateway.

Exact steps or command run after this patch: Configure models.providers.google.apiKey = "gcp-vertex-credentials", provider/model api = "google-vertex", GOOGLE_CLOUD_PROJECT, and GOOGLE_CLOUD_LOCATION=us-central1; send a normal OpenClaw channel message through google/gemini-2.5-pro.

Evidence after fix: GKE metadata server returned HTTP 200 for /computeMetadata/v1/instance/service-accounts/default/token?scopes=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform, then the gateway sent POST https://us-central1-aiplatform.googleapis.com/v1/projects/<redacted-project>/locations/us-central1/publishers/google/models/gemini-2.5-pro:streamGenerateContent with api=google-vertex and received HTTP 200 text/event-stream in 2291 ms.

Observed result after fix: A user-visible OpenClaw response was returned through the configured channel after the Vertex streamGenerateContent request completed with HTTP 200. The path used the gcp-vertex-credentials marker and ADC bearer auth, not x-goog-api-key or a static service-account JSON file.

What was not tested: Maintainer local ADC live generation could not complete because the local configured GCP project has Vertex AI disabled; the local run did reach the Google Vertex API with ADC bearer auth and failed with a redacted PERMISSION_DENIED service-disabled response. Direct AWS Crabbox remote proof was attempted on cbx_bc3464218fb0, but the lease lost SSH after sync before the command could run.

Test plan

• pnpm install --frozen-lockfile
  • Result: passed.
• pnpm test extensions/google/transport-stream.test.ts extensions/google/index.test.ts src/config/zod-schema.models.test.ts src/agents/pi-embedded-runner/model.inline-provider.test.ts -- --reporter=verbose
  • Result: passed 3 Vitest shards, 75 tests passed.
• env -u OPENCLAW_TESTBOX -u OPENCLAW_CLOUDFLARE_ACCOUNT_ID -u OPENCLAW_R2_ACCOUNT_ID -u OPENCLAW_R2_S3_ENDPOINT pnpm check:changed
  • Result: passed.
• pnpm deps:changes:report -- --base-ref origin/main --markdown /tmp/dependency-changes-83971.md --json /tmp/dependency-changes-83971.json
  • Result: passed; 2 dependency files changed, 0 resolved packages added/removed/changed.
• Local Vertex ADC smoke via createGoogleVertexTransportStreamFn() with apiKey: "gcp-vertex-credentials"
  • Result: reached Google Vertex with ADC bearer auth; stopped at cloud project API-disabled PERMISSION_DENIED, so not counted as successful generation proof.
• Direct AWS Crabbox remote gate on cbx_bc3464218fb0
  • Result: blocked by SSH timeout after sync; infrastructure failure, no patch failure signal.

Made with Cursor

[github-actions]

Dependency Changes Detected

This PR changes dependency-related files. Maintainers should confirm these changes are intentional.

Changed files:

• extensions/google/package.json
• pnpm-lock.yaml

Maintainer follow-up:

• Review whether the dependency changes are intentional.
• Inspect resolved package deltas when lockfile, shrinkwrap, or workspace dependency policy changes are present.
• Treat package-lock.json and npm-shrinkwrap.json diffs as security-review surfaces.
• Run pnpm deps:changes:report -- --base-ref origin/main --markdown /tmp/dependency-changes.md --json /tmp/dependency-changes.json locally for detailed release-style evidence.

[clawsweeper]

Codex review: found issues before merge.

Latest ClawSweeper review: 2026-05-23 04:46 UTC / May 23, 2026, 12:46 AM ET.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The PR allows api: "google-vertex" in model config/inline provider normalization and extends Google Vertex ADC bearer-token resolution from authorized_user files to production ADC via google-auth-library.

Reproducibility: yes. from source at high confidence. Current main only activates the native Vertex transport for authorized_user ADC files and rejects other ADC file types before request-time auth can succeed.

PR rating
Overall: 🦐 gold shrimp
Proof: 🦞 diamond lobster
Patch quality: 🦐 gold shrimp
Summary: Strong real-environment proof supports the main GKE path, but the patch still has a blocking Compute Engine coverage gap and needs a clean rebase.

Rank-up moves:

• Fix or explicitly descope default Compute Engine metadata-server ADC support and add focused coverage for the chosen behavior.
• Rebase onto current main and preserve the newer Google plugin package and lockfile versions.

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Sufficient (logs): The PR body provides redacted live GKE metadata-server token evidence, Vertex HTTP 200 transport logs, and a user-visible OpenClaw response after the patch path.

Risk before merge

• Default Compute Engine ADC without GCE_METADATA_HOST still appears unactivated by the PR despite being named in the supported production modes.
• The PR is currently not mergeable against current main and needs a rebase that preserves the newer Google plugin dependency versions and lockfile state.
• Non-authorized_user token resolution moves to google-auth-library, which adds provider-local auth dependency and metadata/STS/OAuth egress behavior that maintainers should explicitly accept.
• The broader Google Vertex provider direction in feat(google): add Google Vertex AI provider with ADC auth and global endpoint routing #60860 remains open, so maintainers should decide whether this narrow ADC completion lands first or folds into that branch.

Maintainer options:

1. Fix the Compute Engine ADC activation gap (recommended)
   Before merge, align the synchronous Vertex activation gate with the claimed ADC modes or narrow the PR scope and tests so ordinary Compute Engine is not promised.
2. Land only the proven GKE and file-based ADC scope
   Maintainers may accept the current GKE/service-account/external-account improvement if the PR body and release note are narrowed away from default Compute Engine support.
3. Fold the narrow fix into the broader Vertex branch
   If maintainers want one consolidated provider direction, pause this PR and carry the production ADC fallback into feat(google): add Google Vertex AI provider with ADC auth and global endpoint routing #60860.

Next step before merge
Human review should choose whether Compute Engine ADC must be fixed before merge or removed from scope, then review the rebased auth-provider dependency and lockfile changes.

Security
Cleared: No concrete security or supply-chain blocker found; the new official Google auth dependency is appropriate for this provider path, with auth-provider egress left as an explicit maintainer risk.

Review findings

• [P2] Cover default Compute Engine ADC detection — extensions/google/vertex-adc.ts:161

Review details

Best possible solution:

Land a rebased narrow ADC completion after fixing or explicitly descoping default Compute Engine metadata-server activation, while leaving broader Google Vertex provider/catalog/location work to the existing follow-up branch.

Do we have a high-confidence way to reproduce the issue?

Yes, from source at high confidence. Current main only activates the native Vertex transport for authorized_user ADC files and rejects other ADC file types before request-time auth can succeed.

Is this the best way to solve the issue?

Partly. Using google-auth-library is the right provider-local dependency-backed direction for production ADC, but the PR should either cover default Compute Engine metadata-server activation or stop claiming that mode before merge.

Label changes:

• add rating: 🦐 gold shrimp: Current PR rating is 🦐 gold shrimp because proof is 🦞 diamond lobster, patch quality is 🦐 gold shrimp, and Strong real-environment proof supports the main GKE path, but the patch still has a blocking Compute Engine coverage gap and needs a clean rebase.
• add status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (logs): The PR body provides redacted live GKE metadata-server token evidence, Vertex HTTP 200 transport logs, and a user-visible OpenClaw response after the patch path.
• remove rating: 🐚 platinum hermit: Current PR rating is rating: 🦐 gold shrimp, so this older rating label is no longer current.
• remove status: 👀 ready for maintainer look: Current PR status label is status: ⏳ waiting on author.

Label justifications:

• P2: This is a normal-priority provider/auth fix for Google Vertex deployments with limited blast radius.
• merge-risk: 🚨 auth-provider: Merging changes how Google Vertex obtains bearer tokens and delegates production ADC modes to google-auth-library.
• rating: 🦐 gold shrimp: Current PR rating is 🦐 gold shrimp because proof is 🦞 diamond lobster, patch quality is 🦐 gold shrimp, and Strong real-environment proof supports the main GKE path, but the patch still has a blocking Compute Engine coverage gap and needs a clean rebase.
• status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (logs): The PR body provides redacted live GKE metadata-server token evidence, Vertex HTTP 200 transport logs, and a user-visible OpenClaw response after the patch path.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body provides redacted live GKE metadata-server token evidence, Vertex HTTP 200 transport logs, and a user-visible OpenClaw response after the patch path.

Full review comments:

• [P2] Cover default Compute Engine ADC detection — extensions/google/vertex-adc.ts:161
  The PR claims Compute Engine ADC support, but the activation gate only returns true for Compute Engine when GCE_METADATA_HOST is set. Upstream gcp-metadata probes the default metadata hosts when that override is absent, so an ordinary Compute Engine deployment with no ADC file will still fail to select the Vertex stream before google-auth-library can run.
  Confidence: 0.86

Overall correctness: patch is incorrect
Overall confidence: 0.84

What I checked:

• Current main blocks non-authorized ADC before transport selection: Current main only enables the native Vertex stream when hasGoogleVertexAuthorizedUserAdcSync() sees an authorized_user ADC file, so metadata-server, external_account, and service_account modes do not reach the Vertex transport. (extensions/google/provider-registration.ts:60, d7a078f1962b)
• Current main resolver rejects non-authorized_user ADC files: The current resolver throws when the ADC file is not authorized_user, which directly matches the production ADC gap this PR is trying to close. (extensions/google/vertex-adc.ts:178, d7a078f1962b)
• PR adds Google auth fallback and coverage: The PR keeps the existing authorized_user refresh path and adds a google-auth-library fallback plus tests for production ADC detection and bearer header generation. (extensions/google/vertex-adc.ts:226, 39c20790d685)
• Dependency contract supports the chosen ADC fallback: google-auth-library@10.6.2 GoogleAuth accepts scopes, resolves ADC from env files, well-known files, and GCE metadata, and exposes getAccessToken(): Promise<string | null | undefined>.
• Compute Engine activation gap in the PR: The PR's synchronous ADC gate only treats Compute Engine as detectable when GCE_METADATA_HOST is set, while the upstream metadata client probes default metadata hosts when that override is absent. (extensions/google/vertex-adc.ts:161, 39c20790d685)
• Current main has newer Google package state than the PR patch base: Current main has @earendil-works/pi-ai 0.75.4 and @google/genai 2.5.0 in the Google plugin, while the PR patch was authored against older package/lockfile lines, matching the reported merge conflict risk. (extensions/google/package.json:7, d7a078f1962b)

Likely related people:

• Peter Steinberger: Shallow blame in this checkout attributes the current Google Vertex ADC helper, provider registration gate, config API list, and inline provider normalization to dd07fb400fc5e6f5b52d1cc8c9d983521d5d2263. (role: recent area contributor; confidence: medium; commits: dd07fb400fc5; files: extensions/google/vertex-adc.ts, extensions/google/provider-registration.ts, src/config/types.models.ts)
• PewterZz: The related open Google Vertex provider PR and issue cover the broader ADC/auth/routing direction that overlaps with this narrower PR. (role: adjacent Vertex provider proposer; confidence: medium; commits: 5bfb353ade92; files: extensions/google)

Codex review notes: model gpt-5.5, reasoning high; reviewed against d7a078f1962b.

[wiselancer]

Production proof — running this exact patch's behavior in 2026.5.18

Validating from a live Hetzner Coolify deployment of OpenClaw 2026.5.18 (50a2481), routing Telegram-facing Gemini 3.5 Flash traffic through Vertex AI on a third-party GCP project (Google Cloud reseller billing).

What I had to hack to make this work (which this PR fixes)

1. MODEL_APIS enum gate — patched both /opt/openclaw/app/dist/types.models-*.js and /opt/openclaw/app/node_modules/openclaw/dist/types.models-*.js to add "google-vertex". Without this, doctor --fix rejects the config and restores from last-known-good (AI Studio). Matches google-vertex: schema missing google-vertex from allowed api values, blocking Vertex AI routing #77643. This PR's MODEL_APIS allowance removes that hack.

2. ADC type restriction — currently only authorized_user ADC works (per hasGoogleVertexAuthorizedUserAdcSync). I created a proper service account (roles/aiplatform.user) but had to discard it and fall back to copying my personal ~/.config/gcloud/application_default_credentials.json (with quota_project_id set to the project) onto the container. This PR's google-auth-library fallback would let me use the SA directly.

3. Auth profile sentinel — manually wrote /data/.openclaw/agents/main/agent/auth-profiles.json with {"profiles":{"google:vertex-adc":{"type":"api_key","key":"gcp-vertex-credentials",...}}} because openclaw models auth paste-token for google-vertex provider doesn't have a providerAuthChoices entry. Not blocking once (1)+(2) land, but related.

Working config after patches

"models": {
  "providers": {
    "google": {
      "api": "google-vertex",
      "baseUrl": "https://aiplatform.googleapis.com",
      "models": [
        { "id": "gemini-3.5-flash", "api": "google-vertex", ... }
      ]
    }
  }
}

Env vars: GOOGLE_APPLICATION_CREDENTIALS, GOOGLE_CLOUD_PROJECT, GOOGLE_CLOUD_LOCATION=global (Gemini 3.5 Flash isn't GA in us-central1 yet).

Session log proof

{"type":"message","message":{"role":"assistant","content":[...],
 "api":"google-vertex","provider":"google","model":"gemini-3.5-flash",
 "stopReason":"stop","responseId":"8xAOaqW7H4nItfAP-uanuAE"}}

Multiple successful turns logged with api:"google-vertex", proper textSignature and Vertex responseId shapes.

Happy to help

If you ship a build/branch tag I can pull, I'll re-deploy without the hacks and report back from the same production stack. Particularly useful for validating the service_account ADC path since I have a working SA setup ready to swap in.

[wiselancer]

Bundled the full reproduction (env vars, ADC setup, auth-profiles.json sentinel, patch scripts, session-log proof) into a gist for anyone else hitting this in the meantime:

https://gist.github.com/wiselancer/edcb1d8b766518ecb9849287d5fc2e36

Will delete it / replace with a "use the official path" note once this PR (or #60860) lands.

[clawsweeper]

ClawSweeper PR egg

🔥 Warming up: real-behavior proof passed; findings, security review, or rank-up moves are still in progress.

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

[socket-security]

No dependency changes detected. Learn more about Socket for GitHub.

👍 No dependency changes detected in pull request