fix(ollama): allow Orb host local auth

[dutifulbob]

Summary

• Treat host.orb.internal as a local Ollama host for ollama-local marker auth.
• Keep Orb host aliases out of loopback-only discovery suppression so explicit Orb providers still suppress implicit localhost discovery.
• Add regression coverage and a changelog entry.

Closes #84875

Verification

• git diff --check
• node scripts/run-vitest.mjs src/agents/model-auth.test.ts extensions/ollama/src/discovery-shared.test.ts extensions/ollama/index.test.ts extensions/ollama/src/setup.test.ts extensions/ollama/src/provider-models.ssrf.test.ts
• node --import tsx --input-type=module source-level auth repro for http://host.orb.internal:11434
• codex review --commit HEAD accepted one loopback/discovery finding; the patch now separates local-auth hosts from loopback-discovery hosts and the rerun completed its focused Vitest proof before entering the known helper recursion path, which was stopped.

Real behavior proof

Behavior addressed: models.providers.ollama with baseUrl: "http://host.orb.internal:11434" and apiKey: "ollama-local" now resolves local marker auth instead of falling through to No API key found for provider "ollama".

Real environment tested: Local OpenClaw source worktree on Node 22.22.0; the issue was also reproduced against v2026.5.19 in a detached local worktree before this patch.

Exact steps or command run after this patch: Ran the focused Vitest command listed above, git diff --check, and a source-level resolveApiKeyForProvider repro using an explicit empty auth-profile store and the reported Orb base URL.

Evidence after fix: The source-level repro returned isLocalOllamaBaseUrl: true and resolvedAuth: { apiKey: "ollama-local", source: "models.json (local marker)", mode: "api-key" }; the focused Vitest run passed 6 files and 188 tests.

Observed result after fix: host.orb.internal is accepted as local Ollama for auth; explicit Orb host Ollama providers are treated as non-loopback custom providers for discovery suppression.

What was not tested: A live Orb VM with a real host-side Ollama server. Crabbox/Testbox proof was attempted but unavailable locally because no Crabbox coordinator token/AWS broker credentials were present and the Blacksmith CLI was not installed/authenticated.

[clawsweeper]

Codex review: passed.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
The branch adds OrbStack host aliases to Ollama local-auth classification, keeps implicit localhost discovery suppression loopback-only, and adds focused regression tests plus a changelog entry.

Reproducibility: yes. The linked issue provides a concrete OrbStack config and missing-auth log, and current main's local-host checks exclude host.orb.internal, making the failure source-reproducible without needing a broad runtime setup.

PR rating
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Summary: A narrow provider bug fix with strong live proof for the reported path and clean focused coverage; remaining work is exact-head check agreement.

Rank-up moves:

• none

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

Real behavior proof
Sufficient (live_output): The PR body has source-level resolver output, and a maintainer added live OrbStack/Ollama command output showing host-side Ollama working through host.orb.internal:11434.

Risk before merge

• The previous automerge status was blocked by a Real behavior proof check after the branch was repaired/rebased; this review treats the maintainer live proof as sufficient, but merge should still wait for exact-head checks to agree.

Maintainer options:

1. Decide the mitigation before merge
   Land the narrow alias-classification fix after exact-head checks pass, preserving remote-host credential boundaries and loopback-only implicit discovery suppression.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge
No repair job is needed; the branch already contains the focused fix and should proceed through automerge/exact-head checks after this sufficient-proof review.

Security
Cleared: No concrete security or supply-chain concern found; the diff only changes Ollama local-host classification, focused tests, and changelog text.

Review details

Best possible solution:

Land the narrow alias-classification fix after exact-head checks pass, preserving remote-host credential boundaries and loopback-only implicit discovery suppression.

Do we have a high-confidence way to reproduce the issue?

Yes. The linked issue provides a concrete OrbStack config and missing-auth log, and current main's local-host checks exclude host.orb.internal, making the failure source-reproducible without needing a broad runtime setup.

Is this the best way to solve the issue?

Yes. The branch keeps the fix narrow by adding the OrbStack aliases only to local-auth classification and separating loopback discovery suppression so remote/custom-provider behavior stays intact.

Label changes:

• add status: 🚀 automerge armed: This PR is in ClawSweeper's automerge lane. Sufficient (live_output): The PR body has source-level resolver output, and a maintainer added live OrbStack/Ollama command output showing host-side Ollama working through host.orb.internal:11434.
• remove status: 👀 ready for maintainer look: Current PR status label is status: 🚀 automerge armed.

Label justifications:

• P2: This fixes a real Ollama auth-provider regression for OrbStack VM users with a small, provider-local blast radius.
• rating: 🐚 platinum hermit: Current PR rating is 🐚 platinum hermit because proof is 🦞 diamond lobster, patch quality is 🐚 platinum hermit, and A narrow provider bug fix with strong live proof for the reported path and clean focused coverage; remaining work is exact-head check agreement.
• status: 🚀 automerge armed: This PR is in ClawSweeper's automerge lane. Sufficient (live_output): The PR body has source-level resolver output, and a maintainer added live OrbStack/Ollama command output showing host-side Ollama working through host.orb.internal:11434.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body has source-level resolver output, and a maintainer added live OrbStack/Ollama command output showing host-side Ollama working through host.orb.internal:11434.

What I checked:

• Current main auth gap: On current main, isLocalBaseUrl accepts loopback, .local, and private IPv4 hosts, but not host.orb.internal, so a configured apiKey: "ollama-local" for the linked OrbStack issue path falls through the missing-auth branch. (src/agents/model-auth.ts:257, 66dcc4ee8fd1)
• Current main discovery boundary: On current main, Ollama discovery uses one local-hostname set for both local auth classification and loopback discovery suppression, and that set has no OrbStack aliases. (extensions/ollama/src/discovery-shared.ts:73, 66dcc4ee8fd1)
• PR auth fix: The PR head adds docker.orb.internal and host.orb.internal to the model-auth local-base-url check used by local marker auth resolution. (src/agents/model-auth.ts:270, 0058151e41c6)
• PR discovery fix: The PR head adds the same OrbStack aliases to Ollama local classification while splitting LOOPBACK_OLLAMA_HOSTNAMES so explicit Orb providers still suppress implicit localhost discovery as remote/non-loopback custom providers. (extensions/ollama/src/discovery-shared.ts:73, 0058151e41c6)
• Regression coverage: The PR adds model-auth coverage that resolves ollama-local for both OrbStack aliases, and plugin discovery coverage that skips implicit localhost discovery when a custom Orb Ollama provider is configured. (src/agents/model-auth.test.ts:1114, 0058151e41c6)
• Maintainer live proof: A maintainer comment reports a real macOS host with OrbStack 2.1.3, host-side Ollama 0.24.0, an Orb Ubuntu arm64 VM, focused tests passing, source-level auth resolution returning models.json (local marker), and live /api/tags plus /api/generate responses through host.orb.internal:11434. (670bc6cae241)

Likely related people:

• steipete: Recent history moved Ollama synthetic-auth precedence into the extension and the shortlog shows the heaviest recent ownership across the touched auth and Ollama files. (role: recent area contributor; confidence: high; commits: 49936f606645, a185ca283a74; files: src/agents/model-auth.ts, src/agents/model-auth.test.ts, extensions/ollama/index.ts)
• vignesh07: The configured-Ollama-endpoints-without-dummy-keys behavior appears in the history as a central precursor to the current local synthetic-auth path. (role: introduced adjacent behavior; confidence: medium; commits: 36afd1b2b0ae; files: src/agents/model-auth.ts)
• Bruce MacDonald: Recent Ollama auth history includes work on preferring real cloud auth over the local marker, which is the same auth boundary this PR adjusts. (role: adjacent auth contributor; confidence: medium; commits: 5f4077cc7d4f; files: src/agents/model-auth.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 66dcc4ee8fd1.

[clawsweeper]

ClawSweeper PR egg

✨ Hatched: 🥚 common Pearl Shellbean

Hatch command

Comment @clawsweeper hatch when this PR is hatchable.

Hatchability rules:

• Merged PRs are hatchable.
• Open PRs are hatchable when they are status: 👀 ready for maintainer look, status: 🚀 automerge armed, or labeled clawsweeper:automerge.
• Closed unmerged PRs are hatchable only when one of those hatchable labels is still present in the durable record.

Rarity: 🥚 common.
Trait: guards the happy path.
Image traits: location release reef; accessory commit compass; palette charcoal, cyan, and signal green; mood patient; pose stepping out of a freshly hatched shell; shell paper lantern shell; lighting cool dashboard glow; background quiet workflow signs.
Share on X: post this hatch
Copy: My PR egg hatched a 🥚 common Pearl Shellbean in ClawSweeper.

What is this egg doing here?

• Eggs appear after the PR passes real-behavior proof. It is here for vibes, not verdicts: it does not change labels, ratings, merge decisions, or automation.
• The shell reacts to review momentum: open follow-up work warms it up, re-review makes it wobble, and a clean final review lets it hatch.
• Hatchability usually comes from sufficient real-behavior proof, no blocking P0/P1/P2 findings, no security attention needed, and clean correctness. A merged PR is already final, so merge makes the egg hatchable independently.
• The hatch is seeded from this repository and PR number, so the same PR keeps the same creature; the reviewed head SHA can only change safe visual details.
• Rarity is just collectible sparkle: 🥚 common, 🌱 uncommon, 💎 rare, ✨ glimmer, and 🌈 legendary.

[osolmaz]

Maintainer real behavior proof for the Orb host Ollama path.

Behavior addressed: models.providers.ollama with baseUrl: "http://host.orb.internal:11434" and apiKey: "ollama-local" should resolve local marker auth and work from an Orb Linux VM against host-side Ollama.

Real environment tested: macOS host with OrbStack 2.1.3 and real Ollama 0.24.0 installed/running on the host; temporary Orb Ubuntu arm64 machine; OpenClaw PR head 670bc6cae241b0d629d95f1534a184e2eeffddd3.

Exact steps or command run after this patch:

git diff --check
node scripts/run-vitest.mjs src/agents/model-auth.test.ts extensions/ollama/src/discovery-shared.test.ts extensions/ollama/index.test.ts extensions/ollama/src/setup.test.ts extensions/ollama/src/provider-models.ssrf.test.ts
node --import tsx --input-type=module  # source-level resolveApiKeyForProvider repro for http://host.orb.internal:11434
ollama pull smollm2:135m
orb -m openclaw-ollama-proof sh -lc 'curl -fsS --max-time 20 http://host.orb.internal:11434/api/tags; curl -fsS --max-time 60 http://host.orb.internal:11434/api/generate -d "{\"model\":\"smollm2:135m\",\"prompt\":\"Reply with exactly: orb-ok\",\"stream\":false}"'

Evidence after fix:

git diff --check: pass
focused Vitest: 6 files passed, 188 tests passed
resolveApiKeyForProvider: { apiKey: "ollama-local", source: "models.json (local marker)", mode: "api-key" }
ollama version: 0.24.0
ollama list: smollm2:135m present
Orb VM getent hosts host.orb.internal: fd07:b51a:cc66:f0::fe host.orb.internal
Orb VM /api/tags: returned smollm2:135m from the real host Ollama daemon
Orb VM /api/generate: returned a normal Ollama JSON generation response with model "smollm2:135m" and done=true

Observed result after fix: the PR accepts the Orb host alias for local Ollama marker auth, preserves remote-host auth boundaries, and a real Orb VM can reach host-side Ollama through host.orb.internal:11434 for both model listing and generation.

What was not tested: the reporter's exact qwen3.5:27b model was not pulled; I used smollm2:135m to keep the live proof small while exercising the same host, Orb, Ollama API, and OpenClaw auth path.

[osolmaz]

@clawsweeper automerge

[clawsweeper]

🦞🔧
ClawSweeper saw the passing review, but the PR needs another repair pass before merge.

Source: clawsweeper[bot]
Feedback: structured ClawSweeper verdict: pass (sha=0058151e41c6021a2d01de2cabba8f31647b02e5); current checks are failing: Real behavior proof:FAILURE
Action: repair worker queued. Run: https://github.com/openclaw/clawsweeper/actions/runs/26235022794
Model: gpt-5.5

I will update this PR branch, or open a safe credited replacement, if the repair worker finds a narrow CI fix.

Automerge progress:

• 2026-05-21 14:46:58 UTC validation plan (passed) in 18s Run: https://github.com/openclaw/clawsweeper/actions/runs/26233136838 pnpm check:changed; pnpm lint; pnpm check:test-types

• 2026-05-21 14:47:14 UTC Codex write preflight (passed) in 33s Run: https://github.com/openclaw/clawsweeper/actions/runs/26233136838 danger-full-access

• 2026-05-21 15:01:57 UTC Codex edit 1 0694c6a462f2 (complete) in 15m 17s Run: https://github.com/openclaw/clawsweeper/actions/runs/26233136838 exit 0

• 2026-05-21 15:05:21 UTC validation and review 1 0058151e41c6 (base moved) in 18m 41s Run: https://github.com/openclaw/clawsweeper/actions/runs/26233136838 rebased

• 2026-05-21 15:05:30 UTC repair completed 0058151e41c6 (branch updated) in 18m 50s Run: https://github.com/openclaw/clawsweeper/actions/runs/26233136838 initial automerge rebase is delegated to Codex repair

• 2026-05-21 15:05:29 UTC review queued 0058151e41c6 (after repair)

• 2026-05-21 15:05:55 UTC automerge wait 0058151e41c6 (blocked) in 19m 14s Run: https://github.com/openclaw/clawsweeper/actions/runs/26233136838 GitHub checks failed: Real behavior proof:FAILURE

• 2026-05-21 15:05:57 UTC repair finished 0058151e41c6 (pushed) in 19m 17s Run: https://github.com/openclaw/clawsweeper/actions/runs/26233136838 repair_contributor_branch

• 2026-05-21 15:15:06 UTC review passed 0058151e41c6 (structured ClawSweeper verdict: pass (sha=0058151e41c6021a2d01de2cabba8f31647b0...)

• 2026-05-21 15:15:25 UTC repair queued 0058151e41c6 (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26235022794

• 2026-05-21 15:18:36 UTC repair started (running) in 1s Run: https://github.com/openclaw/clawsweeper/actions/runs/26235022794 automerge-openclaw-openclaw-84963

• 2026-05-21 15:18:52 UTC validation plan (passed) in 17s Run: https://github.com/openclaw/clawsweeper/actions/runs/26235022794 pnpm check:changed; pnpm lint; pnpm check:test-types

• 2026-05-21 15:19:13 UTC Codex write preflight (passed) in 38s Run: https://github.com/openclaw/clawsweeper/actions/runs/26235022794 danger-full-access

• 2026-05-21 15:22:23 UTC Codex edit 1 7001b20b6cc8 (complete) in 3m 47s Run: https://github.com/openclaw/clawsweeper/actions/runs/26235022794 exit 0

• 2026-05-21 15:27:10 UTC validation and review 1 cb82dcf52263 (base moved) in 8m 35s Run: https://github.com/openclaw/clawsweeper/actions/runs/26235022794 rebased

• 2026-05-21 15:28:18 UTC repair finished cb82dcf52263 (opened) in 9m 43s Run: https://github.com/openclaw/clawsweeper/actions/runs/26235022794 open_fix_pr

[clawsweeper]

ClawSweeper 🐠 reef update

Thanks for the contribution. ClawSweeper hit a branch-permission wall on this PR, so it opened a replacement branch to keep review moving while preserving credit.

Why replacement: ClawSweeper could not update the source PR branch directly; GitHub did not grant sufficient push rights to the bot for that branch.
Replacement PR: #84999
Why close: this run explicitly closes the superseded source PR after the credited replacement PR is open, so review continues in one place.
Closing this source PR only because source-PR closing was explicitly enabled for this run.
Contributor credit is copied into the replacement PR notes and changelog path.
Co-author credit kept:

• @dutifulbob: Co-authored-by: Bob 261991368+dutifulbob@users.noreply.github.com

fish notes: model gpt-5.5, reasoning high; reviewed against cb82dcf.