🤖 feat: add support for reading api key from a file#2609
🤖 feat: add support for reading api key from a file#2609rowansmithau wants to merge 10 commits intomainfrom
Conversation
Allow users to specify a file path containing their API key in providers.jsonc via the apiKeyFile field. Supports ~ expansion. Priority order: apiKey > apiKeyFile > environment variables.
Add apiKeyFile to ProviderConfigInfoSchema, surface it from providerService, and wire up the field in ProvidersSection with optimistic updates for save and clear.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b2e071789e
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
…t for all providers - apiKeySet in providerService now only checks config.apiKey (not apiKeyFile) - 'Configured via' hint shown for all providers, not just anthropic - Message is context-aware: shows 'API key file' or 'environment variables'
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c3386855d6
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
…st path - Add apiKeySource field to ResolvedCredentials tracking where the API key was actually resolved from (config, file, or env) - Expose apiKeySource through checkProviderConfigured and ProviderConfigInfo - Update ProvidersSection UI to use apiKeySource instead of checking apiKeyFile presence, which could be wrong when the file is empty/missing and falls back to env vars - Use unique filename with timestamp+random suffix in tilde expansion test to avoid collisions with parallel test runs
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1fd827a153
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Add statSync check before reading API key files: - isFile() prevents blocking on FIFOs/devices - size > 4096 guard avoids reading huge files by mistake
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5bd2462e22
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f79ef615ba
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b2857a19d7
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
|
@codex review |
|
Codex Review: Didn't find any major issues. More of your lovely PRs please. ℹ️ About Codex in GitHubCodex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback". |
|
i am dead |
Summary
Having tested AI Bridge in Coder recently I stumbled across an issue where Coder tokens default to a 7 day lifetime and need to be manually updated in Mux. Given they, or other provider tokens, may be updated by some other process and stored on disk, this PR adds the ability to reference an API keys file on disk in order to source the API key instead of hardcoding it.
Implementation
Adds an
apiKeyFilefield toProviderConfigthat reads an API key from a file path at credential resolution time. Supports~expansion for home directory paths.Resolution priority:
apiKey(direct) >apiKeyFile(from disk) > environment variables.The field is exposed in the provider settings UI as an optional text input alongside the existing API Key and Base URL fields, available for all standard API-key providers.
Files changed
src/node/config.ts— AddedapiKeyFiletoProviderConfiginterfacesrc/node/utils/providerRequirements.ts— AddedresolveApiKeyFile()helper and wired into credential resolutionsrc/node/utils/providerRequirements.test.ts— 6 test cases for apiKeyFile resolutionsrc/common/orpc/schemas/api.ts— AddedapiKeyFiletoProviderConfigInfoSchemasrc/node/services/providerService.ts— SurfacesapiKeyFilevalue to frontendsrc/browser/.../ProvidersSection.tsx— Added "API Key File" field to provider settings UIValidation
make typecheckpassesmake static-checkpasses (excluding missing local toolsshfmt/uvx)Generated with
mux• Model:anthropic:claude-opus-4-6• Thinking:off• Cost:$4.15