refactor(protocol,cli,agent): replace apiKeyEnv with apiKey (#528)

Breaking change: Store API keys directly in config.yaml instead of environment variable names. ## Changes ### @uncaged/workflow-protocol - Change ProviderConfig.apiKeyEnv: string → apiKey: string - Update README to reflect new type ### @uncaged/workflow-util-agent - extract.ts: Remove dotenv loading, use providerEntry.apiKey directly - storage.ts: Update normalizeProviders to validate apiKey field - Update error messages to reference apiKey instead of apiKeyEnv ### @uncaged/cli-workflow - setup.ts: Write actual API key to config.yaml, not .env - Remove apiKeyEnvName(), loadEnvFile(), saveEnvFile() functions - Remove getEnvPath() function - Update cmdSetup to not return envPath in result - Update README to reflect config.yaml stores API keys - Fix setup-validate.test.ts to not expect envPath in result ## Verification - ✅ bun run build passes - ✅ All tests pass (260/260 in cli-workflow, 55/55 in util-agent) - ✅ bun run check passes (only pre-existing warnings) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-26 05:23:33 +00:00
parent 0097633a3b
commit 0c90b88e08
7 changed files with 14 additions and 62 deletions
@@ -119,7 +119,7 @@ uwf setup --provider openai --base-url https://api.openai.com/v1 \
  --api-key sk-... --model gpt-4o --agent hermes
 ```

-Config: `~/.uncaged/workflow/config.yaml`. API keys: `~/.uncaged/workflow/.env`.
+Config: `~/.uncaged/workflow/config.yaml` (includes API keys).

 ### Skill

@@ -129,9 +129,8 @@ describe("cmdSetup with validation", () => {
    const result = await cmdSetup(setupArgs());

    expect(result.validation).toEqual({ ok: true, value: undefined });
-    // Config files should still be written
+    // Config file should still be written
    expect(result.configPath).toBeTruthy();
-    expect(result.envPath).toBeTruthy();
  });

  test("includes validation failure — config still saved", async () => {
@@ -143,8 +142,7 @@ describe("cmdSetup with validation", () => {

    expect(result.validation).toBeDefined();
    expect((result.validation as { ok: boolean }).ok).toBe(false);
-    // Config files should still be written despite validation failure
+    // Config file should still be written despite validation failure
    expect(result.configPath).toBeTruthy();
-    expect(result.envPath).toBeTruthy();
  });
 });
@@ -85,10 +85,6 @@ function getConfigPath(root: string): string {
  return join(root, "config.yaml");
 }

-function getEnvPath(root: string): string {
-  return join(root, ".env");
-}
-
 /**
 * Load existing config.yaml or return empty structure.
 */
@@ -106,37 +102,6 @@ function loadExistingConfig(configPath: string): Record<string, unknown> {
  return {};
 }

-/**
- * Load existing .env as key=value map.
- */
-function loadEnvFile(envPath: string): Record<string, string> {
-  const env: Record<string, string> = {};
-  try {
-    if (existsSync(envPath)) {
-      for (const line of readFileSync(envPath, "utf8").split("\n")) {
-        const trimmed = line.trim();
-        if (trimmed === "" || trimmed.startsWith("#")) continue;
-        const eq = trimmed.indexOf("=");
-        if (eq > 0) {
-          env[trimmed.slice(0, eq)] = trimmed.slice(eq + 1);
-        }
-      }
-    }
-  } catch {
-    // ignore
-  }
-  return env;
-}
-
-function saveEnvFile(envPath: string, env: Record<string, string>): void {
-  const lines = Object.entries(env).map(([k, v]) => `${k}=${v}`);
-  writeFileSync(envPath, `${lines.join("\n")}\n`, "utf8");
-}
-
-function apiKeyEnvName(providerName: string): string {
-  return `${providerName.toUpperCase().replace(/[^A-Z0-9]/g, "_")}_API_KEY`;
-}
-
 // ──────────────────────────────────────────────────────────────────────────────
 // Extracted helpers — _discoverAgents
 // ──────────────────────────────────────────────────────────────────────────────
@@ -397,8 +362,7 @@ function mergeConfig(existing: Record<string, unknown>, args: SetupArgs): Record
      : {}
  ) as Record<string, unknown>;

-  const envName = apiKeyEnvName(args.provider);
-  providers[args.provider] = { baseUrl: args.baseUrl, apiKeyEnv: envName };
+  providers[args.provider] = { baseUrl: args.baseUrl, apiKey: args.apiKey };

  const models = (
    typeof existing.models === "object" && existing.models !== null
@@ -437,25 +401,17 @@ export async function cmdSetup(args: SetupArgs): Promise<Record<string, unknown>
  mkdirSync(storageRoot, { recursive: true });

  const configPath = getConfigPath(storageRoot);
-  const envPath = getEnvPath(storageRoot);

  const existing = loadExistingConfig(configPath);
  const merged = mergeConfig(existing, args);

  writeFileSync(configPath, stringify(merged, { indent: 2 }), "utf8");

-  // Write API key to .env
-  const envName = apiKeyEnvName(args.provider);
-  const envData = loadEnvFile(envPath);
-  envData[envName] = args.apiKey;
-  saveEnvFile(envPath, envData);
-
  // Validate model connectivity
  const validation = await validateModel(args.baseUrl, args.apiKey, args.model);

  return {
    configPath,
-    envPath,
    provider: args.provider,
    model: args.model,
    defaultAgent: merged.defaultAgent,
@@ -100,7 +100,7 @@ type ProviderAlias = string;
 type ModelAlias = string;
 type AgentAlias = string;

-type ProviderConfig = { baseUrl: string; apiKeyEnv: string };
+type ProviderConfig = { baseUrl: string; apiKey: string };
 type ModelConfig = {
  provider: ProviderAlias;
  name: string;
@@ -151,7 +151,7 @@ export type Scenario = string;

 export type ProviderConfig = {
  baseUrl: string;
-  apiKeyEnv: string;
+  apiKey: string;
 };

 export type ModelConfig = {
@@ -1,8 +1,7 @@
 import { getSchema, validate } from "@uncaged/json-cas";

 import type { CasRef, ModelAlias, WorkflowConfig } from "@uncaged/workflow-protocol";
-import { config as loadDotenv } from "dotenv";
-import { createAgentStore, getEnvPath, resolveStorageRoot } from "./storage.js";
+import { createAgentStore, resolveStorageRoot } from "./storage.js";

 export type ResolvedLlmProvider = {
  baseUrl: string;
@@ -38,9 +37,9 @@ export function resolveModel(config: WorkflowConfig, alias: ModelAlias): Resolve
  if (providerEntry === undefined) {
    throw new Error(`unknown provider "${modelEntry.provider}" for model "${alias}"`);
  }
-  const apiKey = process.env[providerEntry.apiKeyEnv];
+  const apiKey = providerEntry.apiKey;
  if (apiKey === undefined || apiKey === "") {
-    throw new Error(`missing API key env var: ${providerEntry.apiKeyEnv}`);
+    throw new Error(`missing API key for provider: ${modelEntry.provider}`);
  }
  return {
    baseUrl: providerEntry.baseUrl,
@@ -130,7 +129,7 @@ export type ExtractResult = {

 /**
 * Call an OpenAI-compatible LLM to extract structured output matching outputSchema.
- * Loads config.yaml and .env from the workflow storage root.
+ * Loads config.yaml from the workflow storage root.
 */
 export async function extract(
  rawOutput: string,
@@ -138,7 +137,6 @@ export async function extract(
  config: WorkflowConfig,
 ): Promise<ExtractResult> {
  const storageRoot = resolveStorageRoot();
-  loadDotenv({ path: getEnvPath(storageRoot) });

  const { store } = await createAgentStore(storageRoot);
  const schema = getSchema(store, outputSchema);
@@ -84,11 +84,11 @@ function normalizeProviders(raw: unknown): Record<ProviderAlias, ProviderConfig>
      throw new Error(`config.providers.${name} must be a mapping`);
    }
    const baseUrl = entry.baseUrl;
-    const apiKeyEnv = entry.apiKeyEnv;
-    if (typeof baseUrl !== "string" || typeof apiKeyEnv !== "string") {
-      throw new Error(`config.providers.${name} requires baseUrl and apiKeyEnv`);
+    const apiKey = entry.apiKey;
+    if (typeof baseUrl !== "string" || typeof apiKey !== "string") {
+      throw new Error(`config.providers.${name} requires baseUrl and apiKey`);
    }
-    providers[name] = { baseUrl, apiKeyEnv };
+    providers[name] = { baseUrl, apiKey };
  }
  return providers;
 }