From 002011527c8b70d3a72f9d05d82068146dd7caaf Mon Sep 17 00:00:00 2001
From: ziy <me.zyliu@gmail.com>
Date: Fri, 20 Mar 2026 20:52:04 +0800
Subject: [PATCH] fix(agents): Ollama provider always returns synthetic auth
 when no config exists

When a user sets models.primary = "ollama/..." without running the
provider setup wizard, the provider config entry does not exist in
models.providers. The previous resolveSyntheticLocalProviderAuth()
returned null early because providerConfig was undefined, causing the
auth resolver to throw "No API key found for provider ollama".

This regression (v2026.3.13) made it impossible to use Ollama local
models via direct config without interactive setup.

Fix: check for known local providers (ollama) at the top of the
function, before resolving providerConfig. For ollama, return synthetic
auth regardless of config state.

Fixes: #50759
---
 src/agents/model-auth.ts | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/src/agents/model-auth.ts b/src/agents/model-auth.ts
index e494cc71b8c..09e5c0397d9 100644
--- a/src/agents/model-auth.ts
+++ b/src/agents/model-auth.ts
@@ -167,6 +167,18 @@ function resolveSyntheticLocalProviderAuth(params: {
   cfg: OpenClawConfig | undefined;
   provider: string;
 }): ResolvedProviderAuth | null {
+  // Check for known local providers first — these should always get synthetic auth,
+  // even when the user sets models.primary without running the provider setup wizard
+  // (i.e., no explicit models.providers.{name} config entry exists).
+  const normalizedProvider = normalizeProviderId(params.provider);
+  if (normalizedProvider === "ollama") {
+    return {
+      apiKey: OLLAMA_LOCAL_AUTH_MARKER,
+      source: "models.providers.ollama (synthetic local key)",
+      mode: "api-key",
+    };
+  }
+
   const providerConfig = resolveProviderConfig(params.cfg, params.provider);
   if (!providerConfig) {
     return null;
@@ -180,15 +192,6 @@ function resolveSyntheticLocalProviderAuth(params: {
     return null;
   }
 
-  const normalizedProvider = normalizeProviderId(params.provider);
-  if (normalizedProvider === "ollama") {
-    return {
-      apiKey: OLLAMA_LOCAL_AUTH_MARKER,
-      source: "models.providers.ollama (synthetic local key)",
-      mode: "api-key",
-    };
-  }
-
   const authOverride = resolveProviderAuthOverride(params.cfg, params.provider);
   if (authOverride && authOverride !== "api-key") {
     return null;