Microsoft Foundry: configure Azure API key provider headers

Write Azure-style API key provider config for Microsoft Foundry API-key auth so runtime requests use the expected api-key header without falling back to bearer auth. Add a focused extension test that locks in the generated provider config.
2026-03-21 09:49:19 +08:00 · 2026-03-21 09:49:19 +08:00 · 5a1e856359
commit 5a1e856359
parent e2f156246c
2 changed files with 30 additions and 0 deletions
--- a/extensions/microsoft-foundry/index.test.ts
+++ b/extensions/microsoft-foundry/index.test.ts
@ -3,6 +3,7 @@ import { createTestPluginApi } from "../../test/helpers/extensions/plugin-api.js
 import plugin from "./index.js";
 import type { OpenClawConfig } from "../../src/config/types.openclaw.js";
 import { isValidTenantIdentifier } from "./onboard.js";
+import { buildFoundryAuthResult } from "./shared.js";

 const execFileMock = vi.hoisted(() => vi.fn());
 const execFileSyncMock = vi.hoisted(() => vi.fn());
@ -346,4 +347,20 @@ describe("microsoft-foundry plugin", () => {
    expect(isValidTenantIdentifier("00000000-0000-0000-0000-000000000000")).toBe(true);
    expect(isValidTenantIdentifier("not a tenant")).toBe(false);
  });
+
+  it("writes Azure API key header overrides for API-key auth configs", () => {
+    const result = buildFoundryAuthResult({
+      profileId: "microsoft-foundry:default",
+      apiKey: "test-api-key",
+      endpoint: "https://example.services.ai.azure.com",
+      modelId: "gpt-4o",
+      authMethod: "api-key",
+    });
+
+    expect(result.configPatch?.models?.providers?.["microsoft-foundry"]).toMatchObject({
+      apiKey: "test-api-key",
+      authHeader: false,
+      headers: { "api-key": "test-api-key" },
+    });
+  });
 });
--- a/extensions/microsoft-foundry/shared.ts
+++ b/extensions/microsoft-foundry/shared.ts
@ -166,11 +166,20 @@ export function buildFoundryProviderConfig(
  endpoint: string,
  modelId: string,
  modelNameHint?: string | null,
+  options?: {
+    authMethod?: "api-key" | "entra-id";
+    apiKey?: SecretInput;
+  },
 ): ModelProviderConfig {
  const compat = buildFoundryModelCompat(modelId, modelNameHint);
+  const runtimeApiKey = options?.authMethod === "api-key" ? options.apiKey : undefined;
+  const isApiKeyAuth = typeof runtimeApiKey === "string";
  return {
    baseUrl: buildFoundryProviderBaseUrl(endpoint, modelId, modelNameHint),
    api: resolveFoundryApi(modelId, modelNameHint),
+    ...(isApiKeyAuth ? { apiKey: runtimeApiKey } : {}),
+    ...(isApiKeyAuth ? { authHeader: false } : {}),
+    ...(isApiKeyAuth ? { headers: { "api-key": runtimeApiKey } } : {}),
    models: [
      {
        id: modelId,
@ -270,6 +279,10 @@ export function buildFoundryAuthResult(params: {
            params.endpoint,
            params.modelId,
            params.modelNameHint,
+            {
+              authMethod: params.authMethod,
+              apiKey: params.apiKey,
+            },
          ),
        },
      },