fix(secrets): resolve llm provider and secret mismatches (#5032)#5069
fix(secrets): resolve llm provider and secret mismatches (#5032)#5069raza-khan0108 wants to merge 1 commit into
Conversation
|
@raza-khan0108 is attempting to deploy a commit to the agenta projects Team on Vercel. A member of the Team first needs to authorize it. |
|
✅ Thanks @raza-khan0108! This PR now meets the contribution requirements and has been reopened. A maintainer will review it soon. |
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (9)
Disabled knowledge base sources:
📝 WalkthroughSummary by CodeRabbit
WalkthroughRenames the TogetherAI provider environment variable from TOGETHERAI_API_KEY to TOGETHER_API_KEY across backend enums, secret resolution utilities, SDK runner mappings, and frontend provider lists, while preserving legacy TOGETHERAI_API_KEY as a fallback/alias. Corresponding test fixtures and unit tests are updated, and a MINIMAX_API_KEY test mapping is added. ChangesTogetherAI Environment Variable Key Correction
Estimated code review effort: 2 (Simple) | ~10 minutes Sequence Diagram(s)Not applicable. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4464c90835
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| # Secret kind is "together_ai" (underscore) even though the env var is TOGETHERAI_API_KEY | ||
| "together_ai": "TOGETHERAI_API_KEY", | ||
| # Secret kind is "together_ai" (underscore) and env var is TOGETHER_API_KEY | ||
| "together_ai": "TOGETHER_API_KEY", |
There was a problem hiding this comment.
Continue injecting LiteLLM's TogetherAI key
For Daytona evaluators that call LiteLLM with a together_ai/... model, this map is the only place vault provider keys are copied into the sandbox environment before create(...). LiteLLM still documents TOGETHERAI_API_KEY for Together AI (https://docs.litellm.ai/docs/providers/togetherai), so after this change the vault key is only available as TOGETHER_API_KEY and those evaluators fail authentication; inject the legacy name as well during the transition.
Useful? React with 👍 / 👎.
| [StandardProviderKind.Anthropic]: "ANTHROPIC_API_KEY", | ||
| [StandardProviderKind.Perplexityai]: "PERPLEXITYAI_API_KEY", | ||
| [StandardProviderKind.TogetherAi]: "TOGETHERAI_API_KEY", | ||
| [StandardProviderKind.TogetherAi]: "TOGETHER_API_KEY", |
There was a problem hiding this comment.
Canonicalize legacy Together names before matching
When a browser still has legacy llmAvailableProvidersToken data with provider.name === "TOGETHERAI_API_KEY" and the project already has a Together vault secret, this new canonical display name makes standardSecrets contain TOGETHER_API_KEY while createStandardSecretAtom looks up by the raw legacy name. The lookup misses, so the migration/submit path creates a second together_ai secret instead of updating the existing one, and later reads can pick the wrong duplicate key; normalize the legacy name before matching.
Useful? React with 👍 / 👎.
Summary
Together AI was mapped inconsistently across the codebase. The frontend (
@agenta/entities) and SDK (daytona.py) looked forTOGETHERAI_API_KEY, while standard LLM providers in the backend expectedTOGETHER_API_KEY. Furthermore,MINIMAX_API_KEYwas missing from the test suite mappings.As a result, users configuring Together AI or MiniMax encountered secret resolution failures during evaluation and playground execution because the system looked for different environment variable names across layers.
This PR aligns Together AI on
TOGETHER_API_KEYacross the frontend packages, FastAPI backend, and SDK runners. To prevent breaking existing deployments that saved secrets under the legacy name, fallback aliases (TOGETHERAI_API_KEY) are added in both the frontend (STANDARD_PROVIDER_ENV_ALIASES) and backend secrets core (_LEGACY_SYSTEM_ENV_NAMES). It also addsMINIMAX_API_KEYto the test mappings.Before:
After:
Testing
Verified locally
uv run --project api pytest api/oss/tests/pytest/unit/secrets/test_utils.py(all 3 unit tests passed).pnpm --filter="@agenta/entities" test(675 tests passed) andpnpm --filter="@agenta/shared" test(189 tests passed).ruff format,ruff check, andpnpm lint-fixon modified packages with zero errors or warnings.Added or updated tests
test_utils.pyin API unit tests to assertTOGETHER_API_KEYresolution.test_get_system_llm_providers_secrets_reads_legacy_togetherai_envintest_utils.pyto verify system secret fallback when onlyTOGETHERAI_API_KEYis set in the environment.conftest.pyin both API and SDK legacy test suites to useTOGETHER_API_KEYand addedMINIMAX_API_KEYtoAPI_KEYS_MAPPING.QA follow-up
TOGETHERAI_API_KEYset in the system environment still resolves correctly when executing evaluations without needing manual secret re-entry.Demo
Checklist
Contributor Resources