fix(google): preserve Vertex ADC catalog auth

[849261680]

Summary

What problem does this PR solve?

• Fixes generated models.json and plugin catalog generation dropping static google-vertex catalog providers when auth is available through ADC evidence instead of an API-key env var or auth profile.
• Reuses the existing non-secret gcp-vertex-credentials marker instead of writing credential material or adding new config.
• Registers the Google provider-owned config marker hook so the built/plugin discovery path sees the same ADC marker as the core planner path.

Why does this matter now?

• [Bug]: [Bug]: google-vertex models fail with model_not_found at runtime on 2026.5.28 and 2026.6.1 — direct Vertex API calls succeed with same credentials #90506 reports a regression from 2026.5.28/2026.6.1 where google-vertex/* models appear in model listing/startup but fail at runtime with model_not_found for ADC-backed users.

What is the intended outcome?

• ADC-backed Google Vertex catalog rows remain writable and embedded runtime model resolution can find google-vertex/* models while the Google transport continues resolving bearer auth from ADC at request time.

What is intentionally out of scope?

• No new provider config, env var, doctor migration, or Google transport request behavior change.
• No live Google Cloud credential changes.

What does success look like?

• With GOOGLE_APPLICATION_CREDENTIALS, either GOOGLE_CLOUD_PROJECT or GCLOUD_PROJECT, and GOOGLE_CLOUD_LOCATION present, generated catalog data keeps the google-vertex provider with apiKey: "gcp-vertex-credentials" and its static model rows.

What should reviewers focus on?

• Whether the core config writer accepts only known non-secret auth-evidence markers.
• Whether the Google plugin, not core, owns the Google Vertex ADC marker policy for provider discovery.

Linked context

Which issue does this close?

Closes #90506

Which issues, PRs, or discussions are related?

Related #65715, #56253

Was this requested by a maintainer or owner?

• Requested through maintainer-side issue repair workflow.

Real behavior proof (required for external PRs)

Behavior addressed: Google Vertex ADC-backed static catalog providers were filtered from generated model config, making google-vertex/* fail as model_not_found at runtime despite valid ADC evidence.

Real environment tested: Local OpenClaw source checkout on macOS with a temporary ADC application_default_credentials.json file, process env GOOGLE_APPLICATION_CREDENTIALS, GOOGLE_CLOUD_PROJECT, and GOOGLE_CLOUD_LOCATION, using the real ensureOpenClawModelsJson startup catalog-generation entry point.

Exact steps or command run after this patch: node --import tsx source-checkout probe that created a temporary ADC credentials file, set Google Vertex ADC process env, called ensureOpenClawModelsJson({ models: { providers: {} } }, agentDir, { workspaceDir, providerDiscoveryProviderIds: ["google-vertex"], providerDiscoveryEntriesOnly: true, providerDiscoveryTimeoutMs: 60000 }), and read the generated plugins/google/catalog.json sidecar.

Evidence after fix: Console output from the generated catalog probe:

{
  "wrote": true,
  "pluginFiles": [
    "catalog.json"
  ],
  "rootProviderIds": [],
  "generatedBy": "openclaw-plugin-model-catalog-v1",
  "googleCatalogProviderIds": [
    "google-vertex"
  ],
  "googleVertexApiKey": "gcp-vertex-credentials",
  "googleVertexModelCount": 6,
  "sampleGoogleVertexModels": [
    "gemini-2.5-pro",
    "gemini-2.5-flash",
    "gemini-2.5-flash-lite"
  ]
}

Observed result after fix: The same startup entries-only generation path now writes the Google plugin catalog sidecar, keeps the google-vertex provider row, preserves the existing non-secret gcp-vertex-credentials marker, and keeps static model rows without persisting credential material.

What was not tested: A live Vertex AI network request with real Google Cloud ADC credentials. No real Google Cloud credentials were available, and the proof intentionally uses only local ADC evidence and generated config output.

Before evidence: The new models-config regression failed before the implementation because the google-vertex provider was filtered out of generated models config. A local CLI attempt with temp ADC env reproduced the reported model_not_found behavior before the plugin-owned config marker hook and implicit static-catalog auth fill were added.

Tests and validation

Which commands did you run?

• node scripts/run-vitest.mjs src/agents/models-config.applies-config-env-vars.test.ts before implementation, expected failure observed in the new regression.
• node scripts/run-vitest.mjs src/agents/models-config.applies-config-env-vars.test.ts src/agents/embedded-agent-runner/model.test.ts extensions/google/transport-stream.test.ts
• node scripts/run-tsgo.mjs -p test/tsconfig/tsconfig.test.src.json --incremental --tsBuildInfoFile /tmp/openclaw-google-vertex-adc-test-src.tsbuildinfo
• node scripts/run-vitest.mjs extensions/google/index.test.ts
• node scripts/run-vitest.mjs src/agents/models-config.applies-config-env-vars.test.ts src/agents/embedded-agent-runner/model.test.ts extensions/google/transport-stream.test.ts extensions/google/index.test.ts
• node --import tsx source-checkout Google provider ADC marker probe
• node --import tsx source-checkout ensureOpenClawModelsJson generated catalog probe
• node scripts/run-vitest.mjs src/agents/models-config.providers.implicit.discovery-scope.test.ts
• node scripts/run-vitest.mjs extensions/google/index.test.ts
• git diff --check
• .agents/skills/autoreview/scripts/autoreview --mode local

What regression coverage was added or updated?

• Added a models.json planning regression that creates a temp ADC credentials file, provides Google Cloud project/location env, omits auth profiles, and asserts the generated google-vertex provider retains static model rows with gcp-vertex-credentials.
• Added a Google provider plugin hook regression that asserts ADC evidence resolves to the same non-secret config marker for both GOOGLE_CLOUD_PROJECT and GCLOUD_PROJECT project env paths.
• Added an entries-only static catalog regression that asserts generated implicit google-vertex rows are filled from ADC auth evidence before writable filtering.

What failed before this fix, if known?

• The new models-config regression failed before the core implementation because the google-vertex provider was filtered out of generated models config.
• A local CLI attempt with temp ADC env reproduced model_not_found before the plugin-owned config marker hook was added.

If no test was added, why not?

• N/A; focused regression coverage was added.

Risk checklist

Did user-visible behavior change? (Yes/No)

Yes. ADC-backed Google Vertex users should stop seeing runtime model_not_found caused by generated catalog omission.

Did config, environment, or migration behavior change? (Yes/No)

Yes, narrowly. Existing ADC env/file evidence can now populate the existing non-secret auth marker in generated provider config; no new config or env surface was added.

Did security, auth, secrets, network, or tool execution behavior change? (Yes/No)

Yes, narrowly in auth config generation. The code only persists known non-secret markers and still avoids writing plaintext env values.

What is the highest-risk area?

• Accidentally treating plaintext env credentials as writable markers.

How is that risk mitigated?

• The implementation accepts resolveEnvApiKey results only when isNonSecretApiKeyMarker(..., { includeEnvVarName: false }) recognizes the value, while env API keys continue to be represented by env var names via the existing resolveEnvApiKeyVarName path.
• The Google plugin hook only returns the existing gcp-vertex-credentials marker when ADC file, project, and location evidence are all present.

Current review state

What is the next action?

• Maintainer review and CI.

What is still waiting on author, maintainer, CI, or external proof?

• CI and optional maintainer live Vertex ADC verification if credentials are available.

Which bot or reviewer comments were addressed?

• Addresses the ClawSweeper source-level review on [Bug]: [Bug]: google-vertex models fail with model_not_found at runtime on 2026.5.28 and 2026.6.1 — direct Vertex API calls succeed with same credentials #90506 that identified missing propagation of Google Vertex ADC auth evidence into generated provider config.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed June 5, 2026, 7:47 AM ET / 11:47 UTC.

Summary
The branch fills missing Google Vertex provider apiKeys from recognized ADC auth-evidence markers in generated models config, registers Google provider discovery hooks, and adds regression tests.

PR surface: Source +61, Tests +146. Total +207 across 8 files.

Reproducibility: yes. Source inspection shows current main drops non-env ADC auth evidence before the writable-provider gate, and the linked issue reports the resulting google-vertex model_not_found runtime failure on released builds.

Review metrics: 1 noteworthy metric.

• Auth/config surfaces: 1 core fill path changed, 2 Google hook surfaces added, 0 new env/config keys. The PR changes generated provider auth behavior while avoiding a new operator-facing config or environment surface.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🐚 platinum hermit
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P2] Wait for required CI to finish on the current head.
• [P2] Optionally add a maintainer live Vertex ADC smoke if credentials are available.

Risk before merge

• [P1] Auth/config generation is upgrade-sensitive: incorrect marker handling could either keep dropping google-vertex catalog rows or write an inappropriate marker for ADC users.
• [P1] The supplied proof exercises generated catalog output with local ADC evidence, but not a live Vertex network request with real Google Cloud credentials.

Maintainer options:

1. Accept generated-catalog proof after CI (recommended)
   Maintainers can accept the remaining no-live-Vertex risk if required CI stays green because the failed generated-catalog path is covered by terminal proof and regression tests.
2. Add live Vertex ADC smoke
   A maintainer with Google Cloud credentials can run one redacted live Vertex turn before merge to prove the request-time path too.

Next step before merge

• No repair-lane work is indicated; the remaining action is normal maintainer review, required CI, and optional live Vertex ADC validation.

Security
Cleared: No concrete security or supply-chain concern was found; the patch has no dependency/workflow changes and persists only recognized non-secret auth markers.

Review details

Best possible solution:

Land the guarded marker-based fix after required CI and maintainer auth-provider review; run a live Vertex ADC smoke only if credentials are readily available.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection shows current main drops non-env ADC auth evidence before the writable-provider gate, and the linked issue reports the resulting google-vertex model_not_found runtime failure on released builds.

Is this the best way to solve the issue?

Yes. The PR repairs the existing auth-evidence-to-generated-config path and reuses the provider-owned non-secret marker, which is narrower than adding config, relaxing the writable gate, or requiring manual auth-profile setup.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 12a569109b60.

Label changes

Label changes:

• add proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix terminal output from the real catalog-generation entry point showing google-vertex retained with gcp-vertex-credentials and model rows.
• add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
• add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes after-fix terminal output from the real catalog-generation entry point showing google-vertex retained with gcp-vertex-credentials and model rows.
• remove rating: 🦪 silver shellfish: Current PR rating is rating: 🐚 platinum hermit, so this older rating label is no longer current.
• remove status: 📣 needs proof: Current PR status label is status: 👀 ready for maintainer look.

Label justifications:

• P1: The PR targets a recent provider-auth regression that can block Google Vertex ADC-backed agent turns for affected users.
• merge-risk: 🚨 auth-provider: The diff changes how Google Vertex auth evidence is converted into generated model config, which can affect model routing and credential handling.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🐚 platinum hermit and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (terminal): The PR body includes after-fix terminal output from the real catalog-generation entry point showing google-vertex retained with gcp-vertex-credentials and model rows.
• proof: sufficient: Contributor real behavior proof is sufficient. The PR body includes after-fix terminal output from the real catalog-generation entry point showing google-vertex retained with gcp-vertex-credentials and model rows.

Evidence reviewed

PR surface:

Source +61, Tests +146. Total +207 across 8 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	5	64	3	+61
Tests	3	146	0	+146
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	8	210	3	+207

What I checked:

• Current-main gap: On current main, resolveMissingProviderApiKey fills missing provider apiKey values from env-var names or auth profiles only, so non-env ADC auth evidence can be missed before writable-provider filtering. (src/agents/models-config.providers.secret-helpers.ts:336, 12a569109b60)
• Writable-provider gate: Generated providers with model rows must have both baseUrl and apiKey; this is the gate that can drop google-vertex rows when the ADC marker is not propagated. (src/agents/models-config.plan.ts:160, 12a569109b60)
• Existing ADC marker contract: Google Vertex manifest metadata already declares local ADC evidence requirements and the non-secret gcp-vertex-credentials marker, so the PR reuses an existing marker rather than adding a new config surface. (extensions/google/openclaw.plugin.json:590, 12a569109b60)
• Runtime auth contract unchanged: The Google Vertex transport already treats undefined or gcp-vertex-credentials apiKey values as ADC bearer-auth mode, so the patch repairs catalog/config discovery rather than request-time auth semantics. (extensions/google/transport-stream.ts:775, 12a569109b60)
• PR core fix: The PR adds a guarded non-secret-marker fallback from resolveEnvApiKey when no env-var-name key is available, which targets the source-level gap without persisting raw credential values. (src/agents/models-config.providers.secret-helpers.ts:346, 57784d65bd0c)
• PR static catalog fix: The PR also fills missing auth markers after static plugin catalog discovery, covering entries-only generated plugin catalog shards. (src/agents/models-config.providers.implicit.ts:463, 57784d65bd0c)

Likely related people:

• steipete: Recent history and blame tie this account to the plugin model catalog refactor and current models-config writable-provider behavior implicated by the regression. (role: recent area contributor; confidence: high; commits: 51b5f75b92f7, 697bafa9c97d; files: src/agents/models-config.plan.ts, src/agents/models-config.providers.secret-helpers.ts, extensions/google/vertex-adc.ts)
• shakkernerd: GitHub commit history shows this account added Google Vertex manifest setup/auth-evidence metadata and manifest-backed model-list auth work that this PR depends on. (role: introduced manifest auth evidence; confidence: medium; commits: dec5de8a2cda, 69181342e1e6; files: extensions/google/openclaw.plugin.json, src/agents/model-auth-env.ts)
• damianFelixPago: GitHub commit history shows this account on the production Google Vertex ADC support in the transport and vertex-adc helper paths adjacent to this fix. (role: ADC feature contributor; confidence: medium; commits: f09b4ebe314e; files: extensions/google/vertex-adc.ts, extensions/google/transport-stream.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[849261680]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27011018185
• Updated: 2026-06-05T11:10:45.669Z

[849261680]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/27012566086
• Updated: 2026-06-05T11:48:33.779Z

[sallyom]

Merging, accepting risk of [P1] Auth/config generation is upgrade-sensitive: incorrect marker handling could either keep dropping google-vertex catalog rows or write an inappropriate marker for ADC users:

• The patch does not introduce a new marker or config surface; it reuses the existing gcp-vertex-credentials contract.
• It only accepts values that pass isNonSecretApiKeyMarker(..., { includeEnvVarName: false }), so plaintext env values and arbitrary all-caps strings are not persisted through this new path.
• The Google hook only returns the marker when ADC file evidence plus project and location env are present.
• Focused tests cover both the generated models.json path and the static plugin catalog path.