Prefer the logged-in key over VALYU_API_KEY#72
Merged
Conversation
Change key resolution precedence from (flag > env > config) to (flag > config > env). A `valyu login` mints a scoped key and stores it in the config; previously an ambient VALYU_API_KEY env var still won, so users who already had that env var set would log in, mint a key, and silently keep using the old env-var key - hitting confusing 'missing scope' errors on every account command. Now the logged-in key takes precedence, so nobody has to unset VALYU_API_KEY after logging in. The env var remains the fallback when there is no login (CI, unauthenticated), so those flows are unchanged, and `--api-key` stays the ultimate one-off override. `valyu login` now also prints a note when VALYU_API_KEY is set, so the precedence is visible. Adds hermetic tests (temp XDG_CONFIG_HOME) covering config-over-env, flag priority, and the no-login env fallback. Bumps to 1.2.1.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
A user who already has
VALYU_API_KEYset in their shell runsvalyu login, approves the device flow, and sees "Logged in" - but everyvalyu accountcommand then fails withmissing scope 'keys:read'/'billing:read'/'keys:write'.Cause: key resolution precedence was flag → env → config.
valyu loginmints a scoped key into the config file, but the ambientVALYU_API_KEY(often an older,inference-only key) kept winning, so the freshly-minted key was never used.valyu whoamigives it away -Source: environment variable (VALYU_API_KEY). The login was effectively a silent no-op, and the only fix was to manuallyunset VALYU_API_KEY.Change
Precedence is now flag → config (logged-in key) → env:
valyu loginis a stronger signal of intent than an ambient env var, so the logged-in key wins. Users no longer need to unsetVALYU_API_KEY.VALYU_API_KEYremains the fallback when there is no login (CI, unauthenticated) - those flows are unchanged.--api-keystays the ultimate one-off override.valyu loginnow prints a note whenVALYU_API_KEYis set, so the precedence is visible rather than surprising.Tradeoff: a user who has both a login and
VALYU_API_KEYset and wants the env var to win must now use--api-key(orvalyu logout). That's the intended behaviour - the logged-in identity should be authoritative.Tests
Rewrote
config.test.tsto be hermetic (tempXDG_CONFIG_HOME, so it never reads the developer's real credentials) and added coverage:VALYU_API_KEY← the fixpnpm typecheck+pnpm test(49 tests) green. Bumps 1.2.0 → 1.2.1.🤖 Generated with Claude Code
Need help on this PR? Tag
/codesmithwith what you need. Autofix is disabled.