mirror of https://github.com/moltbot/moltbot.git synced 2026-03-08 06:54:24 +00:00

Files

Josh Avant 1c200ca7ae follow-up: align ingress, atomic paths, and channel tests with credential semantics (#33733 )

Merged via squash.

Prepared head SHA: c290c2ab6a
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
Reviewed-by: @joshavant

2026-03-03 20:29:46 -06:00

1.4 KiB

Raw Blame History

Auth Credential Semantics

This document defines the canonical credential eligibility and resolution semantics used across:

resolveAuthProfileOrder
resolveApiKeyForProfile
models status --probe
doctor-auth

The goal is to keep selection-time and runtime behavior aligned.

Stable Reason Codes

ok
missing_credential
invalid_expires
expired
unresolved_ref

Token Credentials

Token credentials (type: "token") support inline token and/or tokenRef.

Eligibility rules

A token profile is ineligible when both token and tokenRef are absent.
expires is optional.
If expires is present, it must be a finite number greater than 0.
If expires is invalid (NaN, 0, negative, non-finite, or wrong type), the profile is ineligible with invalid_expires.
If expires is in the past, the profile is ineligible with expired.
tokenRef does not bypass expires validation.

Resolution rules

Resolver semantics match eligibility semantics for expires.
For eligible profiles, token material may be resolved from inline value or tokenRef.
Unresolvable refs produce unresolved_ref in models status --probe output.

Legacy-Compatible Messaging

For script compatibility, probe errors keep this first line unchanged:

Auth profile credentials are missing or expired.

Human-friendly detail and stable reason codes may be added on subsequent lines.

1.4 KiB Raw Blame History