fix(agents): tolerate missing attribution baseUrl#92991
Conversation
|
Codex review: needs maintainer review before merge. Reviewed June 14, 2026, 2:41 PM ET / 18:41 UTC. Summary PR surface: Source +2, Tests +91. Total +93 across 2 files. Reproducibility: yes. Current main dereferences Review metrics: 1 noteworthy metric.
Stored data model Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Risk before merge
Maintainer options:
Next step before merge
Security Review detailsBest possible solution: Land this narrow null-guard plus regression coverage if the remaining required checks pass, then close the linked Bedrock crash issue and the duplicate fix PRs as superseded by the landed path. Do we have a high-confidence way to reproduce the issue? Yes. Current main dereferences Is this the best way to solve the issue? Yes. Normalizing the optional runtime value inside the attribution helper is the narrow crash-site fix and avoids a broader attribution refactor while preserving existing OpenRouter and Cloudflare behavior. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 07dfdd4bd038. Label changesLabel changes:
Label justifications:
Evidence reviewedPR surface: Source +2, Tests +91. Total +93 across 2 files. View PR surface stats
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
|
3d5ecdc to
4143df7
Compare
|
Land-ready proof for
Known proof gap: no live AWS Bedrock request was run because valid AWS credentials were unavailable. The reported crash occurs before network dispatch, and the real session-path regression proves that boundary directly. |
Avoid assuming every runtime model exposes a string `baseUrl` before provider attribution checks. Preserve OpenRouter and Cloudflare attribution behavior while allowing Bedrock session setup to reach provider routing. Fixes openclaw#92974. Co-authored-by: Sami Rusani <sr@samirusani>
Avoid assuming every runtime model exposes a string `baseUrl` before provider attribution checks. Preserve OpenRouter and Cloudflare attribution behavior while allowing Bedrock session setup to reach provider routing. Fixes openclaw#92974. Co-authored-by: Sami Rusani <sr@samirusani>
Avoid assuming every runtime model exposes a string `baseUrl` before provider attribution checks. Preserve OpenRouter and Cloudflare attribution behavior while allowing Bedrock session setup to reach provider routing. Fixes openclaw#92974. Co-authored-by: Sami Rusani <sr@samirusani>
Avoid assuming every runtime model exposes a string `baseUrl` before provider attribution checks. Preserve OpenRouter and Cloudflare attribution behavior while allowing Bedrock session setup to reach provider routing. Fixes openclaw#92974. Co-authored-by: Sami Rusani <sr@samirusani>
Fixes #92974.
Summary
baseUrlread so Bedrock-shaped models that omitbaseUrldo not crash before provider routing.baseUrl, OpenRouter attribution, and Cloudflare attribution.Root cause
getAttributionHeaders()treatedModel.baseUrlas always present and called.includes()on it. Runtime model config can cross this boundary withoutbaseUrl, including Bedrock models, so install telemetry attribution could throw before the provider request path ran.Real behavior proof
Behavior addressed: A Bedrock model object without
baseUrlshould not throwCannot read properties of undefined (reading 'includes')before provider routing.Real environment tested: Local OpenClaw source checkout on macOS at exact head
4143df76efd08c506d238ef9f9ae06eb7210375f, Nodev26.3.0, using a Bedrock-shapedamazon-bedrockmodel object with nobaseUrl; Linux Testbox for the changed gate.Exact steps or command run after this patch: Ran a local Node source harness with
node --import tsxthat importedcreateAgentSession, created a real session with the Bedrock-shaped model, and calledsession.agent.streamFn(...)with an already-aborted signal to avoid any live AWS request.Evidence after fix: Copied live terminal output from the source harness:
{"reachedProviderPath":true,"errorName":"Error","message":"No API provider registered for api: bedrock-converse-stream"}Observed result after fix: The stream path reached provider routing and failed with the expected local missing-provider setup error. It did not throw the previous
baseUrl.includesTypeError.What was not tested: No live AWS Bedrock request was made because no valid AWS credentials were available. The regression occurs before the provider network call; the real session harness and focused tests cover that boundary.
Validation
node scripts/run-vitest.mjs src/agents/sessions/sdk.test.ts src/agents/provider-attribution.test.tsCI=true pnpm exec oxfmt --check --threads=1 src/agents/sessions/sdk.ts src/agents/sessions/sdk.test.tsgit diff --checktbx_01kv3peewwaj45fgwye7bmbsyzAI-assisted disclosure
AI-assisted PR prepared with Codex. I reviewed the changed code path, kept the change scoped to #92974, and ran the validation listed above.