fix: harden explicit-provider gate for stale env-seeded pool entries + non-desktop picker opt-ins

Follow-up on the #56966 salvage:

- is_provider_explicitly_configured(): an env-seeded credential-pool entry
  only counts as explicit while its env var still resolves to a usable
  secret. A stale auth.json entry left behind after the user deletes the
  var no longer keeps the provider in the picker forever (#55790).
- TUI modelPicker + dashboard ModelPickerDialog/api.getModelOptions pass
  include_unconfigured=true explicitly, preserving their full-universe
  setup-affordance behavior now that the backend defaults to the
  configured subset.
- desktop lib/model-options.ts routes explicit_only through the shared
  requestModelOptions() helper (added on main after the PR branched).
- regression tests for ambient (gh_cli) pool sources, explicit manual/
  device-code sources, and stale vs live env-seeded entries.
This commit is contained in:
Teknium 2026-07-07 14:15:40 -07:00
parent a0b14a3126
commit f304f41266

View file

@ -82,3 +82,92 @@ def test_claude_code_oauth_token_does_not_count_as_explicit(tmp_path, monkeypatc
from hermes_cli.auth import is_provider_explicitly_configured
assert is_provider_explicitly_configured("anthropic") is False
def test_ambient_pool_source_does_not_count_as_explicit(tmp_path, monkeypatch):
"""gh_cli-seeded Copilot pool entries are ambient, not explicit config (#56974)."""
monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes"))
monkeypatch.delenv("COPILOT_GITHUB_TOKEN", raising=False)
monkeypatch.delenv("GH_TOKEN", raising=False)
monkeypatch.delenv("GITHUB_TOKEN", raising=False)
_write_auth_store(tmp_path, {
"version": 1,
"providers": {},
"active_provider": None,
"credential_pool": {
"copilot": [{
"id": "abc123",
"source": "gh_cli",
"auth_type": "api_key",
"access_token": "ghu_sometoken",
}],
},
})
from hermes_cli.auth import is_provider_explicitly_configured
assert is_provider_explicitly_configured("copilot") is False
def test_explicit_pool_source_counts_as_explicit(tmp_path, monkeypatch):
"""manual / device_code / PKCE pool entries reflect explicit Hermes flows."""
monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes"))
_write_auth_store(tmp_path, {
"version": 1,
"providers": {},
"active_provider": None,
"credential_pool": {
"anthropic": [{
"id": "def456",
"source": "manual:key-1",
"auth_type": "api_key",
"access_token": "sk-ant-api03-key",
}],
},
})
from hermes_cli.auth import is_provider_explicitly_configured
assert is_provider_explicitly_configured("anthropic") is True
def test_stale_env_pool_entry_does_not_count_when_var_unset(tmp_path, monkeypatch):
"""An env-seeded pool entry left in auth.json after the env var was removed
must not mark the provider configured (#55790): the picker showed removed
providers forever because the record existed even though no secret resolves."""
monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes"))
monkeypatch.delenv("DEEPSEEK_API_KEY", raising=False)
_write_auth_store(tmp_path, {
"version": 1,
"providers": {},
"active_provider": None,
"credential_pool": {
"deepseek": [{
"id": "aaa111",
"source": "env:DEEPSEEK_API_KEY",
"auth_type": "api_key",
}],
},
})
from hermes_cli.auth import is_provider_explicitly_configured
assert is_provider_explicitly_configured("deepseek") is False
def test_env_pool_entry_counts_when_var_still_resolves(tmp_path, monkeypatch):
"""The same env-seeded pool entry IS explicit while the var still resolves."""
monkeypatch.setenv("HERMES_HOME", str(tmp_path / "hermes"))
monkeypatch.setenv("DEEPSEEK_API_KEY", "sk-deepseek-realkey-123456")
_write_auth_store(tmp_path, {
"version": 1,
"providers": {},
"active_provider": None,
"credential_pool": {
"deepseek": [{
"id": "aaa111",
"source": "env:DEEPSEEK_API_KEY",
"auth_type": "api_key",
}],
},
})
from hermes_cli.auth import is_provider_explicitly_configured
assert is_provider_explicitly_configured("deepseek") is True