Skip to content

fix(acp): recognize API-key providers as authenticated#1570

Open
destire-mio wants to merge 2 commits into
MoonshotAI:mainfrom
destire-mio:fix/acp-api-key-auth-gate
Open

fix(acp): recognize API-key providers as authenticated#1570
destire-mio wants to merge 2 commits into
MoonshotAI:mainfrom
destire-mio:fix/acp-api-key-auth-gate

Conversation

@destire-mio

Copy link
Copy Markdown

Related Issue

Resolve #1330

Problem

ACP session creation treated only cached OAuth credentials as authentication. A configured provider with a usable API key was rejected before the session could start.

What changed

The SDK auth status now reports non-empty configured API keys as authenticated providers, while preserving OAuth status and avoiding duplicate provider entries. The ACP IDE guide now documents both supported authentication paths.

Checklist

  • I have read the CONTRIBUTING document.
  • I have linked a related issue, or explained the problem above.
  • I have added tests that prove my feature works.
  • Ran gen-changesets skill, or this PR needs no changeset.
  • Ran gen-docs skill, or this PR needs no doc update.

Evidence

  • pnpm --config.engine-strict=false test packages/node-sdk/test/auth-facade.test.ts (24 passing)
  • pnpm --config.engine-strict=false --filter @moonshot-ai/kimi-code-sdk typecheck

The local environment provides Node 24.14; the repository requires Node 24.15+, so the commands completed with the engine check explicitly overridden.

@changeset-bot

changeset-bot Bot commented Jul 12, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: ce781d1

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@moonshot-ai/kimi-code Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9cb80e6163

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread packages/node-sdk/src/auth.ts Outdated
const config = loadRuntimeConfigSafe(this.options.configPath).config;
const apiKeyProviderNames = new Set(
Object.entries(config.providers)
.filter(([, provider]) => provider.apiKey?.trim().length)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Recognize env-backed API keys in auth status

For providers configured with [providers.<name>.env] (for example KIMI_API_KEY = "...") and no OAuth token, auth.status() still reports no authenticated provider because this filter only checks the direct apiKey field. The runtime provider path accepts those env sub-table keys as valid credentials, so kimi acp continues to fail the ACP auth gate with Authentication required even though the configured provider can actually make requests.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[ACP] API-key login does not satisfy the session auth gate — session/new always returns auth_required (-32000)

1 participant