Enhancement: Robust API key handling and environment fallbacks for AI providers

[DJJones66]

Enhancement: Robust API key handling and environment fallbacks for AI providers

---

Summary

This PR strengthens the AI provider configuration flow by adding environment variable fallbacks, improving encrypted settings handling, and enhancing error reporting. It ensures that providers such as OpenAI, OpenRouter, Claude, and Groq can still be used even when user settings are missing, malformed, or encrypted incorrectly, provided valid API keys exist in environment variables.

Additionally, the SettingInstance model query logic has been refined to prefer ORM-based enum handling while still falling back to direct SQL when necessary.

---

Changes

🔹 Backend: Provider Handling (ai_providers.py)

• Added _get_env_api_key helper for mapping providers to environment variables:

  • OPENAI_API_KEY
  • OPENROUTER_API_KEY
  • ANTHROPIC_API_KEY
  • GROQ_API_KEY

• Enhanced provider initialization:

  • Fallback to env-based API keys when settings are missing, non-dict, or fail decryption.
  • Clear warnings and error messages when falling back to environment keys.

• Improved settings decryption flow:

  • Detects encrypted values and attempts decryption before JSON parsing.
  • Falls back gracefully with warnings if decryption fails.

• Updated get_all_models:

  • Supports env-based API keys when settings are absent or invalid.
  • Robust parsing with error handling for encrypted and malformed JSON.
  • Adds detailed error collection per provider.

• Improved chat_completion:

  • Explicitly re-raises HTTPException to preserve status codes.

🔹 Backend: Settings (models/settings.py)

• Refined scope filtering:

  • Prefer ORM queries with enum conversion to benefit from automatic decryption.
  • Fall back to direct SQL query only when enum resolution fails.
  • Logs warnings and errors for clearer debugging when scope conversion fails.

---

Motivation

• Improve resilience: prevent failures when user settings are incomplete, outdated, or broken.
• Support ops/dev deployments where API keys are set via environment variables instead of stored settings.
• Maintain backward compatibility with existing encrypted settings while supporting safer parsing.
• Provide clearer debugging/logging for scope handling in SettingInstance.

---

Testing & Validation

• Tested with:

  • Valid user settings → providers initialized normally.
  • Missing settings → providers fallback to environment keys.
  • Malformed/encrypted settings → attempted decryption → fallback to env keys or appropriate HTTP 400 error.
  • Providers without env keys configured → clear error messages returned.

• Verified get_all_models loads models successfully using both settings and env keys.

• Confirmed settings scope filtering works case-insensitively and respects enum resolution.

---

Impact

• Backward-compatible with existing deployments.
• Enables smoother local/dev usage without requiring settings pre-configuration.
• Improves reliability of multi-provider model loading (get_all_models).
• Reduces silent failures by surfacing meaningful errors and warnings.

---

Checklist

• Added _get_env_api_key helper
• Implemented env fallback for OpenAI, OpenRouter, Claude, Groq
• Improved encrypted settings parsing and error handling
• Updated get_all_models with robust parsing + env fallback
• Enhanced chat_completion error handling
• Refined SettingInstance ORM vs direct SQL logic
• Validated behavior across normal, missing, malformed, and env-based configs