fix(models): allow users to run gpt-4o on hosted version without bringing their own keys

Author: waleedlatif1

sim/app/api/keys/openai/route.ts

@@ -0,0 +1,58 @@
+import { unstable_noStore as noStore } from 'next/cache'
+import { NextRequest, NextResponse } from 'next/server'
+import { createLogger } from '@/lib/logs/console-logger'
+import { getRotatingApiKey } from '@/lib/utils'
+
+const logger = createLogger('OpenAIKeyAPI')
+
+export const dynamic = 'force-dynamic'
+
+/**
+ * Get a rotating OpenAI API key for the specified model
+ * This endpoint is designed to be used by client-side code
+ * to get access to server-side environment variables
+ */
+export async function POST(request: NextRequest) {
+  noStore()
+
+  try {
+    const { model } = await request.json()
+
+    if (!model) {
+      return NextResponse.json({ error: 'Model parameter is required' }, { status: 400 })
+    }
+
+    // Only provide API key for gpt-4o models
+    if (model !== 'gpt-4o') {
+      return NextResponse.json(
+        { error: 'API key rotation is only available for gpt-4o models' },
+        { status: 400 }
+      )
+    }
+
+    // Check if we're on the hosted version - this is a server-side check
+    const isHostedVersion = process.env.NEXT_PUBLIC_APP_URL === 'https://www.simstudio.ai'
+    if (!isHostedVersion) {
+      return NextResponse.json(
+        { error: 'API key rotation is only available on the hosted version' },
+        { status: 403 }
+      )
+    }
+
+    try {
+      // Use the shared utility function to get a rotating key
+      const apiKey = getRotatingApiKey('openai')
+      logger.info(`Provided rotating API key for model: ${model}`)
+      return NextResponse.json({ apiKey })
+    } catch (error) {
+      logger.error('Failed to get rotating API key:', error)
+      return NextResponse.json({ error: 'No API keys configured for rotation' }, { status: 500 })
+    }
+  } catch (error) {
+    logger.error('Error providing API key:', error)
+    return NextResponse.json(
+      { error: 'Failed to provide API key', message: (error as Error).message },
+      { status: 500 }
+    )
+  }
+}

sim/blocks/blocks/agent.ts

@@ -1,13 +1,12 @@
 import { AgentIcon } from '@/components/icons'
+import { isHostedVersion } from '@/lib/utils'
 import { useOllamaStore } from '@/stores/ollama/store'
 import { MODELS_TEMP_RANGE_0_1, MODELS_TEMP_RANGE_0_2 } from '@/providers/model-capabilities'
 import { getAllModelProviders, getBaseModelProviders } from '@/providers/utils'
 import { ToolResponse } from '@/tools/types'
 import { BlockConfig } from '../types'
 
-// Determine if we're running on the hosted version
-const isHostedVersion = typeof window !== 'undefined' && 
-  process.env.NEXT_PUBLIC_APP_URL === 'https://www.simstudio.ai'
+const isHosted = isHostedVersion()
 
 interface AgentResponse extends ToolResponse {
   output: {
@@ -96,11 +95,13 @@ export const AgentBlock: BlockConfig<AgentResponse> = {
       password: true,
       connectionDroppable: false,
       // Hide API key for GPT-4o models when running on hosted version
-      condition: isHostedVersion ? {
-        field: 'model',
-        value: 'gpt-4o',
-        not: true // Show for all models EXCEPT GPT-4o models
-      } : undefined, // Show for all models in non-hosted environments
+      condition: isHosted
+        ? {
+            field: 'model',
+            value: 'gpt-4o',
+            not: true, // Show for all models EXCEPT GPT-4o models
+          }
+        : undefined, // Show for all models in non-hosted environments
     },
     {
       id: 'tools',

sim/executor/handlers/agent/agent-handler.ts

@@ -1,4 +1,5 @@
 import { createLogger } from '@/lib/logs/console-logger'
+import { isHostedVersion } from '@/lib/utils'
 import { getAllBlocks } from '@/blocks'
 import { BlockOutput } from '@/blocks/types'
 import { executeProviderRequest } from '@/providers'
@@ -65,6 +66,17 @@ export class AgentBlockHandler implements BlockHandler {
     const providerId = getProviderFromModel(model)
     logger.info(`Using provider: ${providerId}, model: ${model}`)
 
+    // Check if we need to validate API key presence
+    const isGPT4o = model === 'gpt-4o'
+    const isHosted = isHostedVersion()
+
+    // For non-hosted version, or for models other than gpt-4o, API key is required
+    if (!isHosted || !isGPT4o) {
+      if (!inputs.apiKey) {
+        throw new Error(`API key is required for ${model}`)
+      }
+    }
+
     // Format tools for provider API
     const formattedTools = Array.isArray(inputs.tools)
       ? (

sim/lib/utils.ts

@@ -197,3 +197,46 @@ export function formatDuration(durationMs: number): string {
 export function generateApiKey(): string {
   return `sim_${nanoid(32)}`
 }
+
+/**
+ * Determines if the application is running on the hosted/production version
+ * @returns boolean indicating if the app is running on the hosted version
+ */
+export function isHostedVersion(): boolean {
+  return (
+    typeof window !== 'undefined' && process.env.NEXT_PUBLIC_APP_URL === 'https://www.simstudio.ai'
+  )
+}
+
+/**
+ * Rotates through available API keys for a provider
+ * @param provider - The provider to get a key for (e.g., 'openai')
+ * @returns The selected API key
+ * @throws Error if no API keys are configured for rotation
+ */
+export function getRotatingApiKey(provider: string): string {
+  if (provider !== 'openai') {
+    throw new Error(`No rotation implemented for provider: ${provider}`)
+  }
+
+  // Get all OpenAI keys from environment
+  const keys = []
+
+  // Add keys if they exist in environment variables
+  if (process.env.OPENAI_API_KEY_1) keys.push(process.env.OPENAI_API_KEY_1)
+  if (process.env.OPENAI_API_KEY_2) keys.push(process.env.OPENAI_API_KEY_2)
+  if (process.env.OPENAI_API_KEY_3) keys.push(process.env.OPENAI_API_KEY_3)
+
+  if (keys.length === 0) {
+    throw new Error(
+      'No API keys configured for rotation. Please configure OPENAI_API_KEY_1, OPENAI_API_KEY_2, or OPENAI_API_KEY_3.'
+    )
+  }
+
+  // Simple round-robin rotation based on current minute
+  // This distributes load across keys and is stateless
+  const currentMinute = new Date().getMinutes()
+  const keyIndex = currentMinute % keys.length
+
+  return keys[keyIndex]
+}

sim/providers/openai/index.ts

@@ -1,10 +1,71 @@
 import OpenAI from 'openai'
 import { createLogger } from '@/lib/logs/console-logger'
+import { isHostedVersion } from '@/lib/utils'
 import { executeTool } from '@/tools'
 import { ProviderConfig, ProviderRequest, ProviderResponse, TimeSegment } from '../types'
 
 const logger = createLogger('OpenAI Provider')
 
+/**
+ * Helper function to handle API key rotation for GPT-4o
+ * @param apiKey - The original API key from the request
+ * @param model - The model being used
+ * @returns The API key to use (original or rotating)
+ */
+async function getApiKey(apiKey: string | undefined, model: string): Promise<string> {
+  // Check if we should use a rotating key
+  const isHosted = isHostedVersion()
+  const isGPT4o = model === 'gpt-4o'
+
+  // On hosted version, always use rotating key for GPT-4o models
+  if (isHosted && isGPT4o) {
+    try {
+      // Use API endpoint to get the key from server-side env variables
+      const response = await fetch('/api/keys/openai', {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+        },
+        body: JSON.stringify({ model }),
+      })
+
+      if (!response.ok) {
+        const errorData = await response.json()
+        throw new Error(`API key service error: ${errorData.error || response.statusText}`)
+      }
+
+      const data = await response.json()
+      if (!data.apiKey) {
+        throw new Error('API key service did not return a key')
+      }
+
+      logger.info('Using API key from server rotation service')
+      return data.apiKey
+    } catch (error) {
+      logger.warn('Failed to get API key from server', {
+        error: error instanceof Error ? error.message : String(error),
+      })
+
+      // If we couldn't get a rotating key and have a user key, use it as fallback
+      // This should only happen if rotation system is misconfigured
+      if (apiKey) {
+        logger.info('Falling back to user-provided API key')
+        return apiKey
+      }
+
+      // No rotating key and no user key - throw specific error
+      throw new Error('API key is required for OpenAI')
+    }
+  }
+
+  // For non-hosted versions or non-GPT4o models, require the provided key
+  if (!apiKey) {
+    throw new Error('API key is required for OpenAI')
+  }
+
+  return apiKey
+}
+
 /**
  * OpenAI provider configuration
  */
@@ -26,18 +87,11 @@ export const openaiProvider: ProviderConfig = {
       hasResponseFormat: !!request.responseFormat,
     })
 
-    if (!request.apiKey) {
-      logger.error('OpenAI API key missing in request', {
-        hasModel: !!request.model,
-        hasSystemPrompt: !!request.systemPrompt,
-        hasMessages: !!request.messages,
-        hasTools: !!request.tools,
-      })
-      throw new Error('API key is required for OpenAI')
-    }
+    // Get the API key - this will fetch from the server if needed for gpt-4o on hosted version
+    const apiKey = await getApiKey(request.apiKey, request.model || 'gpt-4o')
 
     const openai = new OpenAI({
-      apiKey: request.apiKey,
+      apiKey,
       dangerouslyAllowBrowser: true,
     })