claw-web-v2

Sleeping

Claw Web commited on Apr 3

Commit

a51697c

1 Parent(s): 3705a49

fix: protect API config from corrupted settings — hardcoded fallbacks + sanitization

- resolveApiConfig: FALLBACK_URL and FALLBACK_MODEL hardcoded
- ENV.forgeApiUrl fallback to https://router.huggingface.co/v1
- ENV.forgeApiKey fallback to process.env.BUILT_IN_FORGE_API_KEY
- Custom provider path: fallback to FALLBACK_URL when no provider match
- chat-endpoint.ts: sanitize all settings before passing to agent
- Empty strings, 'default' provider, non-http URLs all treated as null
- temperature/topP use ?? instead of || to preserve 0 values
- Debug logging in resolveApiConfig for troubleshooting

Files changed (2) hide show

server/runtime/agent.ts +44 -34
server/runtime/chat-endpoint.ts +12 -6

server/runtime/agent.ts CHANGED Viewed

@@ -210,48 +210,56 @@ const RETRY_BASE_DELAY_MS = 2000;
  * Resolve the API URL and key based on provider config
  */
 function resolveApiConfig(config: AgentConfig) {
   // Treat empty, null, masked, or built-in providers as "use server default"
   const hasCustomKey = config.apiKey && config.apiKey.length > 4 && !config.apiKey.startsWith("••••");
   if (config.apiProvider === "claw" || config.apiProvider === "default" || config.apiProvider === "huggingface" || !hasCustomKey) {
-    // Resolve model aliases
-    const aliasMap: Record<string, string> = {
-      // Xiaomi MiMo (default)
-      mimo: "XiaomiMiMo/MiMo-V2-Flash",
-      "mimo-flash": "XiaomiMiMo/MiMo-V2-Flash",
-      "mimo-v2": "XiaomiMiMo/MiMo-V2-Flash",
-      // Qwen models
-      "qwen-coder": "Qwen/Qwen3-Coder-Next",
-      "qwen3-8b": "Qwen/Qwen3-8B",
-      "qwen3-coder": "Qwen/Qwen3-Coder-30B-A3B-Instruct",
-      // Llama
-      llama: "meta-llama/Llama-3.3-70B-Instruct",
-      "llama-70b": "meta-llama/Llama-3.3-70B-Instruct",
-      // DeepSeek
-      deepseek: "deepseek-ai/DeepSeek-V3.2",
-      "deepseek-r1": "deepseek-ai/DeepSeek-R1",
-      // OpenAI GPT-5.x family (if user has OpenAI key)
-      "gpt5": "gpt-5.4",
-      "gpt-5": "gpt-5.4",
-      "gpt54": "gpt-5.4",
-      // Anthropic aliases (for compatibility)
-      opus: "claude-opus-4-6",
-      sonnet: "claude-sonnet-4-6",
-      haiku: "claude-haiku-4-5-20251213",
-      // xAI
-      grok: "grok-3",
-      "grok-3": "grok-3",
-    };
-    const defaultModel = process.env.DEFAULT_MODEL || "XiaomiMiMo/MiMo-V2-Flash";
     const resolvedModel = aliasMap[config.model] || config.model || defaultModel;
     // Use BUILT_IN_FORGE_API_URL from env — HuggingFace router or OpenAI
-    const baseUrl = ENV.forgeApiUrl.replace(/\/$/, "");
     return {
       url: `${baseUrl}/chat/completions`,
-      key: ENV.forgeApiKey,
-      model: resolvedModel,
     };
   }
   let baseUrl = config.apiBaseUrl || "";
   if (!baseUrl) {
     const providers: Record<string, string> = {
@@ -262,13 +270,15 @@ function resolveApiConfig(config: AgentConfig) {
       anthropic: "https://api.anthropic.com/v1",
       ollama: "http://localhost:11434/v1",
     };
-    baseUrl = providers[config.apiProvider] || "";
   }
   return {
     url: `${baseUrl.replace(/\/$/, "")}/chat/completions`,
     key: config.apiKey,
-    model: config.model,
   };
 }

  * Resolve the API URL and key based on provider config
  */
 function resolveApiConfig(config: AgentConfig) {
+  // ─── HARDCODED FALLBACK — always works even if settings are corrupted ───
+  const FALLBACK_URL = "https://router.huggingface.co/v1";
+  const FALLBACK_MODEL = "XiaomiMiMo/MiMo-V2-Flash";
+  // Resolve model aliases (used for both default and custom paths)
+  const aliasMap: Record<string, string> = {
+    // Xiaomi MiMo (default)
+    mimo: "XiaomiMiMo/MiMo-V2-Flash",
+    "mimo-flash": "XiaomiMiMo/MiMo-V2-Flash",
+    "mimo-v2": "XiaomiMiMo/MiMo-V2-Flash",
+    // Qwen models
+    "qwen-coder": "Qwen/Qwen3-Coder-Next",
+    "qwen3-8b": "Qwen/Qwen3-8B",
+    "qwen3-coder": "Qwen/Qwen3-Coder-30B-A3B-Instruct",
+    // Llama
+    llama: "meta-llama/Llama-3.3-70B-Instruct",
+    "llama-70b": "meta-llama/Llama-3.3-70B-Instruct",
+    // DeepSeek
+    deepseek: "deepseek-ai/DeepSeek-V3.2",
+    "deepseek-r1": "deepseek-ai/DeepSeek-R1",
+    // OpenAI GPT-5.x family (if user has OpenAI key)
+    "gpt5": "gpt-5.4",
+    "gpt-5": "gpt-5.4",
+    "gpt54": "gpt-5.4",
+    // Anthropic aliases (for compatibility)
+    opus: "claude-opus-4-6",
+    sonnet: "claude-sonnet-4-6",
+    haiku: "claude-haiku-4-5-20251213",
+    // xAI
+    grok: "grok-3",
+    "grok-3": "grok-3",
+  };
   // Treat empty, null, masked, or built-in providers as "use server default"
   const hasCustomKey = config.apiKey && config.apiKey.length > 4 && !config.apiKey.startsWith("••••");
   if (config.apiProvider === "claw" || config.apiProvider === "default" || config.apiProvider === "huggingface" || !hasCustomKey) {
+    const defaultModel = process.env.DEFAULT_MODEL || FALLBACK_MODEL;
     const resolvedModel = aliasMap[config.model] || config.model || defaultModel;
     // Use BUILT_IN_FORGE_API_URL from env — HuggingFace router or OpenAI
+    const baseUrl = (ENV.forgeApiUrl || FALLBACK_URL).replace(/\/$/, "");
+    const apiKey = ENV.forgeApiKey || process.env.BUILT_IN_FORGE_API_KEY || "";
+    console.log(`[agent] resolveApiConfig: using server default. URL=${baseUrl}, model=${resolvedModel}, hasKey=${!!apiKey}`);
     return {
       url: `${baseUrl}/chat/completions`,
+      key: apiKey,
+      model: resolvedModel || FALLBACK_MODEL,
     };
   }
+  // Custom provider path — user has their own API key
   let baseUrl = config.apiBaseUrl || "";
   if (!baseUrl) {
     const providers: Record<string, string> = {
       anthropic: "https://api.anthropic.com/v1",
       ollama: "http://localhost:11434/v1",
     };
+    baseUrl = providers[config.apiProvider] || FALLBACK_URL;
   }
+  const resolvedModel = aliasMap[config.model] || config.model || FALLBACK_MODEL;
+  console.log(`[agent] resolveApiConfig: custom provider. URL=${baseUrl}, model=${resolvedModel}`);
   return {
     url: `${baseUrl.replace(/\/$/, "")}/chat/completions`,
     key: config.apiKey,
+    model: resolvedModel,
   };
 }

server/runtime/chat-endpoint.ts CHANGED Viewed

@@ -105,14 +105,20 @@ export async function handleChatStream(req: Request, res: Response) {
     const effortLevel = getEffortLevel(sessionId);
     // Build config from settings
     const config = {
-      model: session.model || settings?.model || process.env.DEFAULT_MODEL || "XiaomiMiMo/MiMo-V2-Flash",
-      apiProvider: session.provider || settings?.apiProvider || "huggingface",
-      apiKey: (settings?.apiKey && settings.apiKey.length > 4 && !settings.apiKey.startsWith("••••")) ? settings.apiKey : null,
-      apiBaseUrl: settings?.apiBaseUrl || null,
       maxTokens: settings?.maxTokens || 16384,
-      temperature: settings?.temperature || 0.7,
-      topP: settings?.topP || 1,
       systemPrompt: buildSystemPrompt({
         memory: settings?.memoryContent,
         effortLevel,

     const effortLevel = getEffortLevel(sessionId);
     // Build config from settings
+    // Sanitize settings — treat empty strings, "default", and masked values as null
+    const sanitizedModel = session.model || (settings?.model && settings.model.trim()) || process.env.DEFAULT_MODEL || "XiaomiMiMo/MiMo-V2-Flash";
+    const sanitizedProvider = session.provider || (settings?.apiProvider && settings.apiProvider !== "default" && settings.apiProvider.trim()) || "huggingface";
+    const sanitizedKey = (settings?.apiKey && settings.apiKey.length > 4 && !settings.apiKey.startsWith("••••")) ? settings.apiKey : null;
+    const sanitizedBaseUrl = (settings?.apiBaseUrl && settings.apiBaseUrl.trim() && settings.apiBaseUrl.startsWith("http")) ? settings.apiBaseUrl : null;
     const config = {
+      model: sanitizedModel,
+      apiProvider: sanitizedProvider,
+      apiKey: sanitizedKey,
+      apiBaseUrl: sanitizedBaseUrl,
       maxTokens: settings?.maxTokens || 16384,
+      temperature: settings?.temperature ?? 0.7,
+      topP: settings?.topP ?? 1,
       systemPrompt: buildSystemPrompt({
         memory: settings?.memoryContent,
         effortLevel,