fix: use role's allowed model from OpenBao secret instead of hardcoded model ID
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
This commit is contained in:
Zoë
parent
80e0421be5
commit
5c15e0ba5e
1 changed files with 17 additions and 9 deletions
|
|
@ -74,14 +74,21 @@ def get_secret(bao_token: str, path: str, key: str) -> str:
|
||||||
def fetch_role_secrets(bao_token: str, role: str) -> dict:
|
def fetch_role_secrets(bao_token: str, role: str) -> dict:
|
||||||
"""Fetch all secrets for a role. Returns dict of secret_name -> value."""
|
"""Fetch all secrets for a role. Returns dict of secret_name -> value."""
|
||||||
secrets = {}
|
secrets = {}
|
||||||
secret_names = ["litellm-key"]
|
try:
|
||||||
for name in secret_names:
|
resp = httpx.get(
|
||||||
try:
|
f"{OPENBAO_ADDR}/v1/secret/data/autojanet/{role}/litellm-key",
|
||||||
key = "key"
|
headers={"X-Vault-Token": bao_token},
|
||||||
secrets[name] = get_secret(bao_token, f"autojanet/{role}/{name}", key)
|
timeout=10,
|
||||||
log.info("Fetched secret: %s", name)
|
)
|
||||||
except Exception as e:
|
resp.raise_for_status()
|
||||||
log.warning("Could not fetch %s: %s", name, e)
|
data = resp.json()["data"]["data"]
|
||||||
|
secrets["litellm-key"] = data["key"]
|
||||||
|
# Use first allowed model; fall back to a sensible default
|
||||||
|
models = data.get("models", [])
|
||||||
|
secrets["litellm-model"] = models[0] if models else "copilot/claude-sonnet-4.5"
|
||||||
|
log.info("Fetched litellm-key; model=%s", secrets["litellm-model"])
|
||||||
|
except Exception as e:
|
||||||
|
log.warning("Could not fetch litellm-key: %s", e)
|
||||||
return secrets
|
return secrets
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -90,6 +97,7 @@ def write_opencode_config(secrets: dict, role: str) -> None:
|
||||||
CONFIG_DIR.mkdir(parents=True, exist_ok=True)
|
CONFIG_DIR.mkdir(parents=True, exist_ok=True)
|
||||||
|
|
||||||
litellm_key = secrets.get("litellm-key", "")
|
litellm_key = secrets.get("litellm-key", "")
|
||||||
|
litellm_model = f"litellm/{secrets.get('litellm-model', 'copilot/claude-sonnet-4.5')}"
|
||||||
|
|
||||||
# Set the LiteLLM API key as env var — opencode reads OPENAI_API_KEY for
|
# Set the LiteLLM API key as env var — opencode reads OPENAI_API_KEY for
|
||||||
# openai-compatible providers
|
# openai-compatible providers
|
||||||
|
|
@ -97,7 +105,7 @@ def write_opencode_config(secrets: dict, role: str) -> None:
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
"$schema": "https://opencode.ai/config.json",
|
"$schema": "https://opencode.ai/config.json",
|
||||||
"model": "litellm/copilot/claude-sonnet-4.6",
|
"model": litellm_model,
|
||||||
"provider": {
|
"provider": {
|
||||||
"litellm": {
|
"litellm": {
|
||||||
"npm": "@ai-sdk/openai-compatible",
|
"npm": "@ai-sdk/openai-compatible",
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue