Skip to content

fix(acp): allow configured provider auth#934

Draft
tt-a1i wants to merge 1 commit into
MoonshotAI:mainfrom
tt-a1i:fix/acp-config-auth
Draft

fix(acp): allow configured provider auth#934
tt-a1i wants to merge 1 commit into
MoonshotAI:mainfrom
tt-a1i:fix/acp-config-auth

Conversation

@tt-a1i

@tt-a1i tt-a1i commented Jun 20, 2026

Copy link
Copy Markdown

Related Issue

Resolve #799

Problem

kimi acp only treated OAuth tokens as authenticated. A user with a configured default model/provider and API-key credentials could use the normal CLI, but ACP still returned auth_required and asked for terminal login.

What changed

  • keep the existing OAuth-token auth path as the first check
  • allow ACP auth when the configured default model resolves to a provider with non-OAuth credentials
  • match runtime config semantics by using exact model/provider keys, rejecting mixed api_key + oauth, and keeping invalid configs behind auth_required
  • add auth-gate coverage for API key providers, env-table credentials, invalid config shapes, and OAuth-token short-circuiting
  • add a patch changeset for the CLI package

Validation

  • pnpm --filter @moonshot-ai/acp-adapter exec vitest run test/auth-gate.test.ts
  • pnpm --filter @moonshot-ai/acp-adapter run test
  • pnpm --filter @moonshot-ai/acp-adapter run typecheck
  • pnpm --filter @moonshot-ai/acp-adapter run build
  • pnpm --filter @moonshot-ai/kimi-code run typecheck
  • pnpm exec oxlint --type-aware packages/acp-adapter/src/server.ts packages/acp-adapter/test/auth-gate.test.ts --quiet
  • git diff --check

Review

Ran read-only subagent review twice. First pass found two auth-gate edge cases around identifier trimming and mixed OAuth/API-key config; both are fixed. Second pass found no blockers. Ran a separate public-info scan; no sensitive/internal data found.

Checklist

  • I have read the CONTRIBUTING document.
  • I have linked a related issue, or explained the problem above.
  • I have added tests that prove my fix works.
  • Ran gen-changesets skill, or this PR needs no changeset.
  • Ran gen-docs skill, or this PR needs no doc update.

AI Assistance Disclosure

I used Codex to review the changes, sanity-check the implementation against existing patterns, and help spot potential edge cases.

@changeset-bot

changeset-bot Bot commented Jun 20, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 9c1b97f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@moonshot-ai/kimi-code Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

## kimi acp requires --login authentication and ignores setting.toml config — inconsistent with terminal auth behavior

1 participant

@tt-a1i