refactor: apiKeyEnv → apiKey, store actual secret in config #528

New Issue

2026-05-26T05:10:18Z

xiaonuo commented

2026-05-26 05:10:18 +00:00

Problem

Currently ProviderConfig.apiKeyEnv stores an environment variable name (e.g. DASHSCOPE_API_KEY), and the runtime does process.env[apiKeyEnv] to get the actual key.

Since ~/.uncaged/workflow/config.yaml is a local runtime directory (never committed to git), there is no reason to indirect through env vars. This adds unnecessary complexity.

Proposal

Rename apiKeyEnv → apiKey and store the actual API key value directly in config.

Changes Required

Package	File	Change
workflow-protocol	`src/types.ts`	`ProviderConfig.apiKeyEnv` → `apiKey`
workflow-util-agent	`src/extract.ts`	`process.env[providerEntry.apiKeyEnv]` → `providerEntry.apiKey`
workflow-util-agent	`src/storage.ts`	Validation: `apiKeyEnv` → `apiKey`
cli-workflow	`src/commands/setup.ts`	Write actual key value instead of env var name
cli-workflow	`src/commands/config.ts`	`maskApiKeys` — mask `apiKey` field instead of `apiKeyEnv`
cli-workflow	tests	Update all references

Behavior

uwf setup prompts for the API key and writes it directly to config.yaml
uwf config list still masks the key (show first 4 + last 4 chars)
uwf config get providers.<name>.apiKey returns the full key
No more process.env lookup for API keys

Acceptance Criteria

ProviderConfig type uses apiKey: string
extract.ts uses providerEntry.apiKey directly
setup writes actual key value to config
config list masks apiKey values
All existing tests updated and passing
Breaking change — no backward compat needed

— 小橘 🍊（NEKO Team）

## Problem Currently `ProviderConfig.apiKeyEnv` stores an **environment variable name** (e.g. `DASHSCOPE_API_KEY`), and the runtime does `process.env[apiKeyEnv]` to get the actual key. Since `~/.uncaged/workflow/config.yaml` is a local runtime directory (never committed to git), there is no reason to indirect through env vars. This adds unnecessary complexity. ## Proposal Rename `apiKeyEnv` → `apiKey` and store the actual API key value directly in config. ### Changes Required | Package | File | Change | |---------|------|--------| | workflow-protocol | `src/types.ts` | `ProviderConfig.apiKeyEnv` → `apiKey` | | workflow-util-agent | `src/extract.ts` | `process.env[providerEntry.apiKeyEnv]` → `providerEntry.apiKey` | | workflow-util-agent | `src/storage.ts` | Validation: `apiKeyEnv` → `apiKey` | | cli-workflow | `src/commands/setup.ts` | Write actual key value instead of env var name | | cli-workflow | `src/commands/config.ts` | `maskApiKeys` — mask `apiKey` field instead of `apiKeyEnv` | | cli-workflow | tests | Update all references | ### Behavior - `uwf setup` prompts for the API key and writes it directly to `config.yaml` - `uwf config list` still masks the key (show first 4 + last 4 chars) - `uwf config get providers.<name>.apiKey` returns the full key - No more `process.env` lookup for API keys ## Acceptance Criteria - [ ] `ProviderConfig` type uses `apiKey: string` - [ ] `extract.ts` uses `providerEntry.apiKey` directly - [ ] `setup` writes actual key value to config - [ ] `config list` masks `apiKey` values - [ ] All existing tests updated and passing - [ ] Breaking change — no backward compat needed — 小橘 🍊（NEKO Team）

xiaonuo referenced this issue

2026-05-26 05:30:18 +00:00

idea: LSP-powered refactor tools to reduce agent turns #529

xiaoju referenced this issue from a commit

2026-05-26 05:33:43 +00:00

refactor(protocol,cli,agent): replace apiKeyEnv with apiKey (#528)

xiaoju referenced a pull request that will close this issue

2026-05-26 05:34:20 +00:00

refactor: apiKeyEnv → apiKey, store actual secret in config #530

xiaoju referenced this issue from a commit

2026-05-26 05:37:04 +00:00

docs: update all documentation to reflect apiKey refactoring (#528)

xiaonuo closed this issue

2026-05-26 05:37:52 +00:00

Sign in to join this conversation.

Branches Tags

main

chore/migrate-ocas

retrospect/fix-committer-tea

retrospect/solve-issue-fixes

fix/517-expand-skill

fix/574-silent-fail-handling

fix/573-unify-cas-store

fix/571-current-role

fix/567-trim-leading-whitespace

fix/566-adapter-json-stdout

fix/544-remove-legacy-frontmatter

fix/553-edge-prompt-empty

fix/557-step-show-json-escape

fix/559-thread-show-status

fix/561-thread-start-cwd-option

fix/558-thread-edge-location

fix/531-config-mask-apikey

fix/532-config-key-validation

fix/533-double-prefix

fix/551-hermes-bin-engines

fix/549-commit-scope

feat/541-skill-developer

feat/539-skill-author

feat/538-skill-user

feat/540-skill-actor

fix/ci-skip-integration-tests

fix/535-sqlite-fallback

fix/531-532-533

fix/528-refactor-apikey

fix/526-config-subcommand

fix/522-cancelled-thread-status

fix/523-bin-entry-point

fix/519-read-session-file

fix/enum-multi-exit-validation

fix/remove-chinese-cli-output

feat/424-setup-agent-discovery

fix/hermes-integration-test-import

fix/449-reduce-dashboard-complexity

refactor/512-rename-packages

chore/510-open-source-readiness

chore/solve-issue-portable

fix/489-step-timing

fix/506-semantic-validation

feat/502-oneOf-output-instruction

feat/499-phase2-discriminated-union

feat/499-dollar-status

fix/497-update-docs

feat/490-phase3-dashboard

feat/490-phase2-yaml-migration

feat/490-status-routing

fix/487-refactor-step-read

fix/484-step-read-command

fix/480-thread-read-quota

fix/481-cas-has-exit-code

fix/474-tea-pr-worktree-fix

fix/469-step-commands-completed-threads

fix/473-first-time-role-context

fix/471-thread-list-filters

fix/466-continuation-prompt-content

chore/cleanup-cli-docs

fix/463-http-methods

fix/464-worktree-isolation

fix/461-per-agent-session-cache

fix/459-xml-tag-isolation

fix/444-biome-complexity-warnings

fix/456-thread-step-background

fix/448-reduce-complexity

fix/445-reduce-setup-complexity

fix/446-reduce-thread-complexity

docs/sync-readme

fix/447-reduce-loop-complexity

fix/439-detail-merge-and-acp

fix/440-thread-read-prompt-dedup

fix/builtin-session-lifecycle

debug/439-raw-ndjson-dump

fix/428-multi-strategy-workflow-resolution

fix/yaml-no-alias

feat/428-workflow-resolution

feat/turn-jsonl-session

feat/426-builtin-session-resume

fix/builtin-agent-system-user-split

feat/422-claude-code-detail-enrichment

feat/builtin-agent

test/418-resume-e2e-repro

chore/update-cli-reference

fix/413-log-subcommands

feat/411-process-logger

feat/405-phase2-find-last-role-index

feat/405-edge-prompt-required

feat/402-edge-prompt-session-resume

feat/398-hermes-acp-client

fix/395-worktree-hygiene

feat/391-workflow-agent-claude-code

jshang/workflow-dashboard

fix/394-forbid-extra-frontmatter-fields

feat/335-setup-validate-model

fix/389-dynamic-format-instruction

fix/388-frontmatter-dynamic-fields

fix/385-revert-output-protocol

feat/384-agent-session-protocol

feat/remove-llm-extract

feat/cas-put-text

fix/380-hermes-quiet-flag

feat/373-thread-step-count

fix/fallback-transition-validation

feat/376-first-last-jsonata

refactor/374-meta-to-frontmatter

feat/370-solve-issue-workflow

feat/369-uwf-skill-cli

chore/ignore-legacy-biome

feat/365-project-local-workflows

refactor/364-rename-role-fields

feat/359-role-four-phase

chore/rename-uwf-to-workflow

chore/repo-restructure

feat/357-thread-read-content

feat/355-uwf-frontmatter

feat/351-phase3-prompt-focus

feat/351-phase2-adapter-frontmatter

feat/351-frontmatter-markdown-phase1

feat/349-thread-read

fix/348-session-id-stderr

fix/342-parse-session-id

fix/342-fork-simplify

feat/342-thread-steps-fork

refactor/simplify-agent-context

refactor/pass-store-via-context

feat/337-agent-detail-merkle

feat/cas-reindex

refactor/use-list-by-type

refactor/merge-cas-get-cat

refactor/remove-table-format

fix/328-table-vertical

user/jiayiyan/feat_office-agent-document-template-v2

feat/328-format-option

fix/319-cas-json-output

fix/319-validate-schema-only-inline

fix/319-schema-titles

feat/319-uwf-cas-builtin

user/jiayiyan/feat_office-agent-document-template

feat/309-uwf-stateless

feat/285-phase3-x-cas-ref

chore/remove-old-templates

feat/294-phase7-cli

private/json-cas-refactor

feat/294-phase5-react-layer

feat/294-phase4-engine-migration

feat/294-phase3-workflow-json

feat/294-jsonata-moderator

docs/architecture-cards

feat/285-phase2-remove-extractrefs

feat/285-cas-ref-annotation

chore/fix-biome-complexity-warnings

refactor/agent-fn-required-opt

chore/audit-exports-cleanup

chore/remove-symlink-dead-code

chore/no-external-bundle

feat/show-system-prompt

chore/205-env-example

chore/biome-fix-and-pre-push-hook

chore/remove-parentRequired-param

fix/265-flaky-thread-rm

feat/workflow-detail-layout

chore/252-remove-text-adapter

feat/261-adapter-migration

feat/252-agent-fn

feat/graph-interactions

fix/dashboard-graph-side-handles

fix/dashboard-graph-visual-247

fix/cursor-agent-runtime-extract

refactor/serve-remove-http-tunnel

chore/slim-role-output

feat/changesets-version-management

chore/bump-0.4.0

chore/merge-publish-scripts

chore/remove-link-all

feat/merge-publish-scripts

fix/auto-discover-publish

refactor/dashboard-custom-spine-layout

fix/cli-bin-path

fix/dashboard-elk-review-feedback

feat/dashboard-elk-layout

fix/skill-author-pitfalls

fix/publish-lockfile-regen

feat/210-ws-gateway-phase2

refactor/thread-detail-side-by-side-layout

feat/210-ws-gateway-phase1

feat/222-tools-smoke-test-phase3

feat/222-react-adapter-phase2

feat/222-adapter-fn-phase1

fix/219-review-followup

feat/216-setup-and-build-scripts

fix/206-bundle-build-register

feat/197-agent-observability

feat/198-dashboard-workflow-graph

feat/194-merkle-call-stack-phase2

refactor/200-moderator-table

feat/194-merkle-call-stack-phase1

feat/cursor-agent-workspace-extract

fix/191-dashboard-thread-sort

feat/187-end-node-llm-summary

refactor/185-remove-max-rounds

refactor/180-simplify-extract-fn

feat/177-gateway-route-reorg

feat/172-declarative-moderator-table

fix/170-thread-status-detection

feat/164-cf-worker-gateway

fix/161-162-cas-content-refs

feat/155-cas-thread-phase-5

feat/155-cas-thread-phase-4

feat/155-cas-thread-phase-3

feat/155-cas-thread-phase-2

feat/155-cas-thread-phase-1

chore/rename-dashboard-folder

refactor/143-split-packages

feat/139-thread-reactor

refactor/runtime-descriptor-boundary

fix/128-dashboard-enhancements

fix/130-sse-incremental

fix/120-serve-hardening

feat/131-dashboard-sse

refactor/thread-context-runtime

feat/118-serve-write-sse

feat/118-dashboard

refactor/121-split-workflow-runtime

feat/118-serve-api

chore/bump-0.2.0

feat/110-phase3-supervisor

chore/114-remove-deprecated

feat/110-phase2-migrate-extract

docs/package-readmes

feat/110-phase1-config-layer

chore/108-cli-module-discipline

chore/106-workflow-module-discipline

chore/cleanup-cas-thread-id

refactor/102-module-folders

refactor/97-phase4-cleanup

refactor/96-phase3-split-dispatch

refactor/95-phase2-control-merge

chore/remove-build-scripts

refactor/93-phase1-directory-restructure

feat/91-reviewer-prompt

docs/88-readme-architecture-cleanup

fix/85-usage-format

fix/83-cli-ux

feat/81-skill-topics

fix/75-nits

refactor/75-merge-roles-phase1

refactor/71-auto-gen-skill-doc

feat/63-workflow-storage-root

feat/69-help-skill

refactor/cli-noun-verb-grouping

feat/59-solve-issue-refactor

feat/37-live-command

feat/58-develop-workflow

feat/36-init-command

feat/44-react-extract

feat/43-extract-provider-config

feat/42-thread-root-node

feat/41-merkle-content-cas

feat/33-workflow-as-agent

feat/32-cas-gc

feat/31-refs-tracking

feat/30-global-cas

feat/28-preparer-role

fix/26-planner-cas-cli-prompt

test/19-validate-workflow-descriptor

feat/23-phase-title-in-planner-meta

fix/21-moderator-coder-transition

fix/review-feedback-and-typecheck

fix/type-errors-and-tsbuildinfo

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: uncaged/workflow#528