Skip to content

feat: add IsSet method to EnvVar and improve provider auth validation#2529

Merged
akshaydeo merged 1 commit intov1.5.0from
04-06-fix_validation_in_all_provider_configuration_forms
Apr 8, 2026
Merged

feat: add IsSet method to EnvVar and improve provider auth validation#2529
akshaydeo merged 1 commit intov1.5.0from
04-06-fix_validation_in_all_provider_configuration_forms

Conversation

@impoiler
Copy link
Copy Markdown
Contributor

@impoiler impoiler commented Apr 6, 2026
edited
Loading

Summary

Improves environment variable handling for provider configurations by adding a new IsSet() method to check if an EnvVar has a value or environment variable reference, and enhances the UI with better authentication method selection and validation for Azure, Vertex AI, and Bedrock providers.

Changes

  • Added IsSet() method to EnvVar struct in Go to properly detect configured fields even when environment variables are unresolved
  • Replaced GetValue() != "" checks with IsSet() calls in database persistence layer to avoid incorrectly treating unresolved env vars as empty
  • Enhanced provider key forms with tabbed authentication method selection for Azure (API Key/Entra ID/Default Credential), Vertex AI (Service Account/Service Account JSON/API Key), and Bedrock (IAM Role/Explicit Credentials/API Key)
  • Improved form validation to require appropriate fields based on selected authentication method
  • Added better error handling in UI to distinguish between configuration errors and environment variable resolution issues
  • Updated schema validation with global error map for human-friendly messages and helper function for checking if environment variables are set
  • Added conditional field visibility based on authentication method selection

Type of change

  • Feature
  • Bug fix
  • Refactor
  • Documentation
  • Chore/CI

Affected areas

  • Core (Go)
  • Transports (HTTP)
  • Providers/Integrations
  • Plugins
  • UI (Next.js)
  • Docs

How to test

Test environment variable handling and provider authentication methods:

# Core/Transports
go version
go test ./...

# UI
cd ui
pnpm i || npm i
pnpm test || npm test
pnpm build || npm run build

Test scenarios:

  1. Configure Azure provider with different auth methods (API Key, Entra ID, Default Credential)
  2. Configure Vertex AI with service account, service account JSON, and API key authentication
  3. Configure Bedrock with IAM role, explicit credentials, and API key authentication
  4. Verify environment variable references are properly detected even when variables are not set in the current environment
  5. Test form validation ensures required fields are provided for each authentication method
  6. Verify error status indicators properly distinguish between configuration errors and env var resolution issues

Screenshots/Recordings

UI changes include new tabbed interface for selecting authentication methods for cloud providers, with contextual field visibility and improved validation messaging.

Breaking changes

  • Yes
  • No

Related issues

Improves provider configuration UX and fixes issues with environment variable detection in provider key persistence.
#2490

Security considerations

  • Environment variable handling improvements ensure credentials are properly detected and stored
  • Authentication method selection helps users choose appropriate security models for their deployment environment
  • Maintains existing encryption and secure storage of sensitive configuration values
  • Internal _auth_type fields are stripped before sending to API to avoid exposing UI state

Checklist

  • I read docs/contributing/README.md and followed the guidelines
  • I added/updated tests where appropriate
  • I updated documentation where needed
  • I verified builds succeed (Go and UI)
  • I verified the CI pipeline passes locally if applicable

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Apr 6, 2026
edited
Loading

📝 Walkthrough

Summary by CodeRabbit

  • New Features

    • Authentication-method tabs for Vertex, Azure, and Bedrock with persistent selection, conditional credential fields, and improved API-key field visibility.

  • Bug Fixes

    • Better detection and preservation of unresolved environment-backed credentials across save/load; status icons/tooltips now distinguish env-var resolution issues from other failures.
    • Save button enabled/disabled based solely on unsaved changes.

  • Validation

    • Auth-mode-aware validation rules, clearer error messages, and safer numeric parsing.

  • Tests

    • Expanded tests for env-var presence, redaction, and persistence behavior.

Walkthrough

Added EnvVar.IsSet and used it for persistence decisions; expanded provider key schemas with optional _auth_type and cross-field refinements; introduced per-provider auth-method UI state/tabs and submit sanitization; adjusted key-status rendering for env-var issues; added unit and DB round-trip tests.

Changes

Cohort / File(s) Summary
Core EnvVar
core/schemas/envvar.go, core/schemas/envvar_test.go		 Added (*EnvVar) IsSet() bool. Added tests for IsSet, JSON marshal/redaction, immutability during marshal, and marshal→unmarshal preservation of env-backed metadata.
Persistence / GORM
framework/configstore/tables/key.go, framework/configstore/tables/encryption_test.go		 TableKey.BeforeSave now uses EnvVar.IsSet() to decide copying/clearing provider-backed columns; AfterFind broadens Azure reconstruction triggers. Added DB round-trip tests verifying unresolved env-var references survive persistence and are reconstructed.
Validation Schemas
ui/lib/types/schemas.ts		 Registered global Zod error mapper; added isEnvVarSet helper; introduced optional _auth_type and moved presence checks into conditional refinements for Azure/Vertex/Bedrock/VLLM/Ollama/SGL; adjusted weight parsing and provider-aware value/API-key requiredness.
Provider Key Form UI
ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx, ui/app/workspace/providers/views/providerKeyForm.tsx		 Added Vertex auth-mode state and dedicated auth-method tab; split/refined Bedrock detection; persist/clear _auth_type on tab changes; hide top-level API key for providers with dedicated auth tabs; strip internal _auth_type before submit; Save button enabled based only on dirty state.
Provider Keys View
ui/app/workspace/providers/views/modelProviderKeysTableView.tsx		 For list_models_failed status, detect likely unresolved env-var configs via from_env flags and error text; render warning-styled icon/tooltip for env-var-resolution issues, otherwise preserve existing error rendering.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant UI as "Browser UI"
participant API as "Server API"
participant Validator as "Zod Validator"
participant DB as "Config DB (GORM)"
participant AfterFind as "AfterFind reconstruction"
UI->>API: Submit provider key (client sanitization; remove _auth_type)
API->>Validator: Validate payload (isEnvVarSet & refinements)
Validator-->>API: Validation result
API->>DB: Save via GORM (BeforeSave uses EnvVar.IsSet)
DB-->>API: Persisted
API->>DB: Read back / reload
DB->>AfterFind: Trigger AfterFind (reconstruct provider configs)
AfterFind-->>API: Reconstructed record
API-->>UI: Return saved key / status

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰 I sniff the vars both near and far,
Tabs and keys beneath the star,
Secrets masked while round-trips hum,
Schemas tidy what we've begun,
A little hop — the changes are done.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 72.22% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title 'feat: add IsSet method to EnvVar and improve provider auth validation' accurately summarizes the main changes: adding IsSet() method and enhancing provider authentication validation across multiple providers.
Description check ✅ Passed The PR description comprehensively covers all template sections including summary, detailed changes, type of change, affected areas, testing instructions, security considerations, and checklist completion.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch 04-06-fix_validation_in_all_provider_configuration_forms

Comment @coderabbitai help to get the list of available commands and usage tips.

@impoiler Graphite App
Copy link
Copy Markdown
Contributor Author

impoiler commented Apr 6, 2026
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 6, 2026

🧪 Test Suite Available

This PR can be tested by a repository admin.

Run tests for PR #2529

@impoiler impoiler force-pushed the 04-06-fix_validation_in_all_provider_configuration_forms branch from f67113e to 5665c43 Compare April 6, 2026 12:09
@impoiler impoiler changed the title Fix: Validation in all provider configuration forms feat: add IsSet method to EnvVar and improve provider auth validation Apr 6, 2026
@impoiler impoiler changed the base branch from main to graphite-base/2529 April 6, 2026 12:25
@impoiler impoiler force-pushed the graphite-base/2529 branch from bd776f8 to 48868d4 Compare April 6, 2026 12:25
@impoiler impoiler force-pushed the 04-06-fix_validation_in_all_provider_configuration_forms branch from 5665c43 to 3c2678d Compare April 6, 2026 12:25
@impoiler impoiler changed the base branch from graphite-base/2529 to v1.5.0 April 6, 2026 12:25
@impoiler impoiler force-pushed the 04-06-fix_validation_in_all_provider_configuration_forms branch 4 times, most recently from 9eeae8e to 982888d Compare April 6, 2026 16:42
@impoiler impoiler marked this pull request as ready for review April 7, 2026 04:42
@impoiler impoiler marked this pull request as draft April 7, 2026 04:43
@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps Bot commented Apr 7, 2026
edited
Loading

Confidence Score: 4/5

Safe to merge after fixing the Azure auth-tab detection bug; all other changes are correct and well-tested.

One P1 defect: the Azure useEffect auth-type detection fires on new-key creation with empty form values and forces the tab to 'Default Credential', which can cause unintended provider configuration. The Go-side changes (IsSet(), BeforeSave rewrites, encryption tests) are solid. Score is 4 rather than 5 solely because of that one current behavioral defect in the UI.

ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx — Azure auth-type detection useEffect (lines 102–120)

Vulnerabilities
  • MarshalJSON on EnvVar auto-redacts resolved env-var secrets before they reach JSON serialization boundaries — a good defense-in-depth measure.
  • _auth_type UI-only fields are stripped in providerKeyForm.tsx before the payload is sent to the API, preventing internal state from leaking.
  • No injection, plaintext-secret storage, or auth-bypass issues identified in the changed code.

Important Files Changed

Filename Overview
core/schemas/envvar.go Adds IsSet() method (correct logic, but semantically overlaps with existing IsDefined()); also adds MarshalJSON referenced by new tests.
core/schemas/envvar_test.go Comprehensive tests for IsSet(), MarshalJSON auto-redaction, non-mutation, and round-trip; test cases cover nil, empty, env-backed, and plain-value states correctly.
framework/configstore/tables/key.go Replaces GetValue() != "" with IsSet() in BeforeSave for Azure, Vertex, Bedrock, VLLM, Ollama, and SGL fields — correctly preserves unresolved env-var references during persistence.
framework/configstore/tables/encryption_test.go New encryption round-trip tests for all provider configs using in-memory SQLite; covers both encrypt/decrypt and raw-DB verification.
ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx Auth-type detection useEffect for Azure runs on new-key creation with empty form values and incorrectly switches the selected tab from "API Key" to "Default Credential"; Vertex and Bedrock defaults are unaffected.
ui/app/workspace/providers/views/providerKeyForm.tsx Correctly strips internal _auth_type fields from Azure, Vertex, and Bedrock configs before submitting to the API; form validation and dirty-state guards look correct.
ui/app/workspace/providers/views/modelProviderKeysTableView.tsx Adds env-var heuristic to show an orange warning icon instead of red error for keys whose list_models failures may be due to unresolved env vars.
ui/lib/types/schemas.ts Adds global Zod error map, isEnvVarSet helper, and auth-method-aware refinements for Azure, Vertex, and Bedrock schemas; validation logic correctly gates required fields on the selected _auth_type.

Reviews (8): Last reviewed commit: "Fix: Validation in all provider configur..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed Apr 7, 2026
View reviewed changes
Comment thread ui/app/workspace/providers/views/modelProviderKeysTableView.tsx
@impoiler impoiler force-pushed the 04-06-fix_validation_in_all_provider_configuration_forms branch from 982888d to ca3b8b7 Compare April 7, 2026 05:02
coderabbitai[bot]
coderabbitai Bot requested changes Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Nitpick comments (1)
core/schemas/envvar.go (1)

265-274: Make IsDefined() delegate to IsSet().

This adds a second public “is this configured?” check with slightly different semantics. IsSet() treats env_var as configured even when FromEnv is stale/missing, while IsDefined() below still depends on FromEnv, so future call sites can easily reintroduce the same unresolved-env bug this PR is fixing.

♻️ Proposed fix 
 func (e *EnvVar) IsDefined() bool {
-	if e == nil {
-		return false
-	}
-	if e.IsFromEnv() {
-		return e.EnvVar != ""
-	}
-	return e.Val != ""
+	return e.IsSet()
 }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@core/schemas/envvar.go` around lines 265 - 274, The IsDefined() method should
delegate to IsSet() to ensure both public checks share the same semantics;
update the EnvVar.IsDefined() implementation to return e.IsSet() (handling nil
receiver) instead of checking FromEnv or other fields so that env var references
are considered configured even when unresolved, and remove any lingering
FromEnv-dependent logic in IsDefined().
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@framework/configstore/tables/key.go`:
- Line 133: The OllamaKeyConfig.URL and SGLKeyConfig.URL branches still check
GetValue() != "" and thus clear stored env.* references when the env var is
currently unset; change those checks to use EnvVar.IsSet() (the same pattern
used for AzureKeyConfig.Endpoint.IsSet()) so unresolved env references are
preserved on round-trip—update the checks around the OllamaKeyConfig.URL and
SGLKeyConfig.URL handling (also the similar spots noted at the other ranges) to
rely on IsSet() instead of GetValue() != "".

In `@ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx`:
- Around line 102-120: The effect that computes Azure auth type (the useEffect
block that reads form.getValues and calls setAzureAuthType and
form.setValue("key.azure_key_config._auth_type")) only depends on isAzure and
the stable form reference, so it never reruns after form.reset() populates
values; update the effect to also depend on the actual form fields (use
form.watch or add the specific watched keys like
"key.azure_key_config.client_id", "key.azure_key_config.client_secret",
"key.azure_key_config.tenant_id", and "key.value") so the effect re-evaluates
when reset/populated values arrive, and make the same change for the equivalent
Vertex and Bedrock effects (the blocks that set detected auth types and call
setXAuthType / form.setValue for their _auth_type fields).

In `@ui/app/workspace/providers/views/modelProviderKeysTableView.tsx`:
- Around line 176-185: The env-var detection in hasEnvVarConfig is too narrow
and misses many auth fields; extend the boolean to also check Azure Entra
credential fields (e.g. key.azure_key_config?.client_id?.from_env,
key.azure_key_config?.client_secret?.from_env,
key.azure_key_config?.tenant_id?.from_env and similar Entra/credential
subfields), Vertex additional fields (e.g.
key.vertex_key_config?.auth_credentials?.*?.from_env,
key.vertex_key_config?.project_number?.from_env), Bedrock explicit and
assume-role fields (e.g. key.bedrock_key_config?.credentials?.from_env,
key.bedrock_key_config?.assume_role?.*?.from_env), and other model provider
URL/auth fields like Ollama/SGL (e.g. key.ollama_key_config?.url?.from_env,
key.sgl_key_config?.url?.from_env), so that hasEnvVarConfig (and thus
isEnvResolutionError) flags all env-backed credential and URL fields referenced
by the key object.

In `@ui/app/workspace/providers/views/providerKeyForm.tsx`:
- Around line 80-103: The client-side code in providerKeyForm.tsx is removing
provider-specific _auth_type fields (azure_key_config, vertex_key_config,
bedrock_key_config) before calling createProviderKey/updateProviderKey, which
hides the auth selection from server-side validation; stop stripping those
fields so the server handlers
(transports/bifrost-http/handlers/provider_keys.go) receive the full payload and
can enforce proper auth-combination validation. Concretely, remove the
destructuring that drops _auth_type (the three blocks that rewrite
key.azure_key_config, key.vertex_key_config, key.bedrock_key_config) and send
the original key object to createProviderKey/updateProviderKey so the server can
validate the auth type, or alternatively ensure the server handler implements
equivalent checks before reintroducing client-side stripping.

---

Nitpick comments:
In `@core/schemas/envvar.go`:
- Around line 265-274: The IsDefined() method should delegate to IsSet() to
ensure both public checks share the same semantics; update the
EnvVar.IsDefined() implementation to return e.IsSet() (handling nil receiver)
instead of checking FromEnv or other fields so that env var references are
considered configured even when unresolved, and remove any lingering
FromEnv-dependent logic in IsDefined().
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: faded5da-fcd8-4f92-bc32-11a9f7a038fe

📥 Commits

Reviewing files that changed from the base of the PR and between 9878c76 and 982888d.

📒 Files selected for processing (6)
  • core/schemas/envvar.go
  • framework/configstore/tables/key.go
  • ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx
  • ui/app/workspace/providers/views/modelProviderKeysTableView.tsx
  • ui/app/workspace/providers/views/providerKeyForm.tsx
  • ui/lib/types/schemas.ts

Comment thread framework/configstore/tables/key.go
Comment thread ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx
Comment thread ui/app/workspace/providers/views/modelProviderKeysTableView.tsx
Comment thread ui/app/workspace/providers/views/providerKeyForm.tsx
@impoiler impoiler mentioned this pull request Apr 7, 2026
Merged
11 tasks
@impoiler impoiler force-pushed the 04-06-fix_validation_in_all_provider_configuration_forms branch from ca3b8b7 to b02ecee Compare April 7, 2026 07:09
@impoiler impoiler self-assigned this Apr 7, 2026
@impoiler impoiler force-pushed the 04-06-fix_validation_in_all_provider_configuration_forms branch 2 times, most recently from a1fc8b1 to 47c6f82 Compare April 7, 2026 07:59
@impoiler impoiler marked this pull request as ready for review April 7, 2026 07:59
coderabbitai[bot]
coderabbitai Bot requested changes Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx (1)

429-444: ⚠️ Potential issue | 🟡 Minor

Dead conditional in label text.

The label at line 436 checks isVertex and isVLLM, but this code is inside the {isAzure && (...)} block where both will always be false. The conditional is unreachable and the label will always render as just "API Key".

🔧 Proposed fix 
 {azureAuthType === "api_key" && (
 	<FormField
 		control={control}
 		name={`key.value`}
 		render={({ field }) => (
 			<FormItem>
-				<FormLabel>
-					API Key {isVertex ? "(Supported only for gemini and fine-tuned models)" : isVLLM ? "(Optional)" : ""}
-				</FormLabel>
+				<FormLabel>API Key</FormLabel>
 				<FormControl>
 					<EnvVarInput placeholder="API Key or env.MY_KEY" type="text" {...field} />
 				</FormControl>
 				<FormMessage />
 			</FormItem>
 		)}
 	/>
 )}
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx` around lines
429 - 444, The API Key label contains an unreachable conditional
(isVertex/isVLLM) because this JSX is already inside the isAzure block; update
the label in the FormField render for name `key.value` to remove the dead checks
(isVertex/isVLLM) and render a static "API Key" or move the conditional logic to
the parent that determines when those suffixes should appear (use the existing
isAzure / isVertex / isVLLM flags to decide at a higher level). Target the
FormField rendering block where `azureAuthType === "api_key"` and adjust the
FormLabel text accordingly.
🧹 Nitpick comments (1)
ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx (1)

14-14: Remove unused Textarea import.

The Textarea component is imported but never used in this file. The textarea functionality is achieved via EnvVarInput with variant="textarea" at line 650.

🧹 Proposed fix 
-import { Textarea } from "@/components/ui/textarea";
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx` at line 14,
Remove the unused import of Textarea from this module: locate the import
statement "import { Textarea } from "@/components/ui/textarea"; and delete it
because the file uses EnvVarInput with variant="textarea" (see EnvVarInput) for
textarea functionality and Textarea is not referenced elsewhere.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@framework/configstore/tables/encryption_test.go`:
- Around line 1819-1848: The AfterFind method currently only reconstructs
AzureKeyConfig when AzureEndpoint is non-nil; update the guard in AfterFind so
it checks for presence of any Azure-related stored fields (e.g., AzureEndpoint,
AzureAPIVersion, AzureClientID, AzureClientSecret, AzureTenantID,
AzureScopesJSON) and reconstructs schemas.AzureKeyConfig whenever any of these
is non-nil; locate the reconstruction logic in the AfterFind method and replace
the single-field check (AzureEndpoint) with a combined OR condition across those
Azure* fields so APIVersion-only rows correctly rebuild AzureKeyConfig.

---

Outside diff comments:
In `@ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx`:
- Around line 429-444: The API Key label contains an unreachable conditional
(isVertex/isVLLM) because this JSX is already inside the isAzure block; update
the label in the FormField render for name `key.value` to remove the dead checks
(isVertex/isVLLM) and render a static "API Key" or move the conditional logic to
the parent that determines when those suffixes should appear (use the existing
isAzure / isVertex / isVLLM flags to decide at a higher level). Target the
FormField rendering block where `azureAuthType === "api_key"` and adjust the
FormLabel text accordingly.

---

Nitpick comments:
In `@ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx`:
- Line 14: Remove the unused import of Textarea from this module: locate the
import statement "import { Textarea } from "@/components/ui/textarea"; and
delete it because the file uses EnvVarInput with variant="textarea" (see
EnvVarInput) for textarea functionality and Textarea is not referenced
elsewhere.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b16493ca-30c1-462c-804a-dcd712dce9a8

📥 Commits

Reviewing files that changed from the base of the PR and between 982888d and 47c6f82.

📒 Files selected for processing (8)
  • core/schemas/envvar.go
  • core/schemas/envvar_test.go
  • framework/configstore/tables/encryption_test.go
  • framework/configstore/tables/key.go
  • ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx
  • ui/app/workspace/providers/views/modelProviderKeysTableView.tsx
  • ui/app/workspace/providers/views/providerKeyForm.tsx
  • ui/lib/types/schemas.ts
✅ Files skipped from review due to trivial changes (2)
  • ui/app/workspace/providers/views/modelProviderKeysTableView.tsx
  • framework/configstore/tables/key.go
🚧 Files skipped from review as they are similar to previous changes (2)
  • core/schemas/envvar.go
  • ui/app/workspace/providers/views/providerKeyForm.tsx

Comment thread framework/configstore/tables/encryption_test.go
coderabbitai[bot]
coderabbitai Bot previously approved these changes Apr 7, 2026
View reviewed changes
@impoiler impoiler force-pushed the 04-06-fix_validation_in_all_provider_configuration_forms branch from 47c6f82 to 8882712 Compare April 7, 2026 09:43
coderabbitai[bot]
coderabbitai Bot reviewed Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (3)
ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx (2)

14-14: Unused import: Textarea is imported but not directly used in this file.

The EnvVarInput component with variant="textarea" handles its own rendering internally. This import appears to be leftover from development or a refactor.

🧹 Remove unused import 
-import { Textarea } from "@/components/ui/textarea";
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx` at line 14,
Remove the unused Textarea import: the file imports Textarea but rendering is
handled inside the EnvVarInput component (when using variant="textarea"), so
delete the import statement for Textarea to eliminate the unused symbol and keep
the module clean; search for the Textarea import line and remove it while
leaving EnvVarInput and any usages of variant="textarea" intact.

568-578: Validation timing is acceptable but could be optimized.

The shouldValidate: true on _auth_type triggers validation before the subsequent field clears. This works correctly because:

  1. When switching away from service_account_json, the refinement no longer requires auth_credentials
  2. When switching to service_account_json, validation will show the required field error (expected UX)

However, for smoother UX, you could defer validation until all field updates complete:

💡 Optional: Batch updates to avoid intermediate validation states 
 onValueChange={(v) => {
 	setVertexAuthType(v as "service_account" | "service_account_json" | "api_key");
-	form.setValue("key.vertex_key_config._auth_type", v, { shouldDirty: true, shouldValidate: true });
+	form.setValue("key.vertex_key_config._auth_type", v, { shouldDirty: true });
 	if (v === "service_account" || v === "api_key") {
-		form.setValue("key.vertex_key_config.auth_credentials", undefined, { shouldDirty: true });
+		form.setValue("key.vertex_key_config.auth_credentials", undefined, { shouldDirty: true });
 	}
 	if (v === "service_account" || v === "service_account_json") {
-		form.setValue("key.value", undefined, { shouldDirty: true });
+		form.setValue("key.value", undefined, { shouldDirty: true, shouldValidate: true });
 	}
+	// Trigger validation after all updates
+	if (v === "service_account" || v === "api_key") {
+		form.trigger("key.vertex_key_config");
+	}
 }}
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx` around lines
568 - 578, The validation on setting _auth_type fires too early and can run
before the dependent fields are cleared; update the onValueChange in
setVertexAuthType to batch updates: call
form.setValue("key.vertex_key_config._auth_type", v, { shouldDirty: true,
shouldValidate: false }), then perform the conditional clears via
form.setValue(...) for "key.vertex_key_config.auth_credentials" and "key.value"
as needed, and finally call form.trigger(...) or form.validate() once (e.g.,
trigger the "key" namespace or the specific affected fields) so validation runs
after all updates complete.
ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (1)

176-215: Env-var detection heuristic covers common cases but omits some fields.

The hasEnvVarConfig check now includes Vertex project_id and region, which addresses the previous review feedback. However, these fields are still not checked:

  • Azure Entra credentials (client_id, client_secret, tenant_id)
  • Vertex auth_credentials
  • Bedrock access_key/secret_key
  • Ollama/SGL url

Since this is a UX heuristic (not a security check), the current coverage may be sufficient for the most common cases. If you want complete coverage, consider extracting a helper that recursively checks all from_env fields in the key's config objects.

💡 Optional: More comprehensive env-var detection 
 const hasEnvVarConfig =
 	key.azure_key_config?.endpoint?.from_env ||
+	key.azure_key_config?.client_id?.from_env ||
+	key.azure_key_config?.client_secret?.from_env ||
+	key.azure_key_config?.tenant_id?.from_env ||
 	key.vertex_key_config?.project_id?.from_env ||
 	key.vertex_key_config?.region?.from_env ||
+	key.vertex_key_config?.auth_credentials?.from_env ||
 	key.bedrock_key_config?.region?.from_env ||
+	key.bedrock_key_config?.access_key?.from_env ||
+	key.bedrock_key_config?.secret_key?.from_env ||
 	key.vllm_key_config?.url?.from_env ||
+	key.ollama_key_config?.url?.from_env ||
+	key.sgl_key_config?.url?.from_env ||
 	key.value?.from_env;
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/app/workspace/providers/views/modelProviderKeysTableView.tsx` around lines
176 - 215, The env-var detection heuristic in modelProviderKeysTableView.tsx
(the hasEnvVarConfig/isEnvResolutionError logic) misses several config fields
(Azure client_id/client_secret/tenant_id, Vertex auth_credentials, Bedrock
access_key/secret_key, Ollama/SGL url); replace the ad-hoc boolean expression
with a small helper (e.g., hasEnvVarInConfig(config): boolean) that recursively
traverses the key object (use the existing key.* config objects referenced in
the diff) and returns true if any property has a from_env flag or is a value
object with from_env; then use that helper in place of hasEnvVarConfig to
compute isEnvResolutionError so all present env-backed fields are detected.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx`:
- Line 14: Remove the unused Textarea import: the file imports Textarea but
rendering is handled inside the EnvVarInput component (when using
variant="textarea"), so delete the import statement for Textarea to eliminate
the unused symbol and keep the module clean; search for the Textarea import line
and remove it while leaving EnvVarInput and any usages of variant="textarea"
intact.
- Around line 568-578: The validation on setting _auth_type fires too early and
can run before the dependent fields are cleared; update the onValueChange in
setVertexAuthType to batch updates: call
form.setValue("key.vertex_key_config._auth_type", v, { shouldDirty: true,
shouldValidate: false }), then perform the conditional clears via
form.setValue(...) for "key.vertex_key_config.auth_credentials" and "key.value"
as needed, and finally call form.trigger(...) or form.validate() once (e.g.,
trigger the "key" namespace or the specific affected fields) so validation runs
after all updates complete.

In `@ui/app/workspace/providers/views/modelProviderKeysTableView.tsx`:
- Around line 176-215: The env-var detection heuristic in
modelProviderKeysTableView.tsx (the hasEnvVarConfig/isEnvResolutionError logic)
misses several config fields (Azure client_id/client_secret/tenant_id, Vertex
auth_credentials, Bedrock access_key/secret_key, Ollama/SGL url); replace the
ad-hoc boolean expression with a small helper (e.g., hasEnvVarInConfig(config):
boolean) that recursively traverses the key object (use the existing key.*
config objects referenced in the diff) and returns true if any property has a
from_env flag or is a value object with from_env; then use that helper in place
of hasEnvVarConfig to compute isEnvResolutionError so all present env-backed
fields are detected.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 16ad0a62-ab4e-4284-a5bb-5e172872a03b

📥 Commits

Reviewing files that changed from the base of the PR and between 47c6f82 and 8882712.

📒 Files selected for processing (8)
  • core/schemas/envvar.go
  • core/schemas/envvar_test.go
  • framework/configstore/tables/encryption_test.go
  • framework/configstore/tables/key.go
  • ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx
  • ui/app/workspace/providers/views/modelProviderKeysTableView.tsx
  • ui/app/workspace/providers/views/providerKeyForm.tsx
  • ui/lib/types/schemas.ts
✅ Files skipped from review due to trivial changes (2)
  • framework/configstore/tables/key.go
  • framework/configstore/tables/encryption_test.go
🚧 Files skipped from review as they are similar to previous changes (2)
  • ui/app/workspace/providers/views/providerKeyForm.tsx
  • core/schemas/envvar_test.go

@impoiler impoiler force-pushed the 04-06-fix_validation_in_all_provider_configuration_forms branch from 8882712 to 2c660e6 Compare April 7, 2026 15:38
coderabbitai[bot]
coderabbitai Bot requested changes Apr 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

♻️ Duplicate comments (2)
ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (1)

176-185: ⚠️ Potential issue | 🟡 Minor

hasEnvVarConfig missing Ollama and SGL URL checks.

The Go tests added in this PR (TestTableKey_OllamaUnresolvedEnvVar_RoundTrip and TestTableKey_SGLUnresolvedEnvVar_RoundTrip) explicitly verify that Ollama/SGL URL env-var references persist through round-trips. However, the UI detection logic doesn't check these providers:

 const hasEnvVarConfig =
 	key.azure_key_config?.endpoint?.from_env ||
 	key.vertex_key_config?.project_id?.from_env ||
 	key.vertex_key_config?.region?.from_env ||
 	key.bedrock_key_config?.region?.from_env ||
 	key.vllm_key_config?.url?.from_env ||
+	key.ollama_key_config?.url?.from_env ||
+	key.sgl_key_config?.url?.from_env ||
 	key.value?.from_env;

Without this, Ollama/SGL keys with unresolved env vars will show the generic error icon instead of the env-var warning, even when the backend description matches the resolution-error pattern.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/app/workspace/providers/views/modelProviderKeysTableView.tsx` around lines
176 - 185, The env-var resolution detection is missing checks for Ollama and SGL
provider URLs, so update the hasEnvVarConfig computation (used alongside
isEnvResolutionError) to include key.ollama_key_config?.url?.from_env and
key.sgl_key_config?.url?.from_env in the OR chain (alongside the existing checks
like key.azure_key_config?.endpoint?.from_env,
key.vertex_key_config?.project_id?.from_env,
key.vertex_key_config?.region?.from_env,
key.bedrock_key_config?.region?.from_env, key.vllm_key_config?.url?.from_env,
and key.value?.from_env) so unresolved Ollama/SGL env-var references correctly
trigger the env-var warning icon.
ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx (1)

102-120: ⚠️ Potential issue | 🟠 Major

Recompute the detected auth mode from watched field values.

ProviderKeyForm repopulates the form after currentKey arrives, but these three effects still only depend on the provider flags and the stable form object. In edit flows, that can leave Azure/Vertex/Bedrock on the default tab and write the wrong hidden _auth_type after form.reset(...).

You can verify the reset/effect mismatch with:

#!/bin/bash
set -e
printf '%s\n' 'Parent reset flow:'
sed -n '54,66p' ui/app/workspace/providers/views/providerKeyForm.tsx
printf '\n%s\n' 'Auth detection effects:'
sed -n '101,157p' ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx

Expected: these effects should also depend on watched auth-related values (for example via useWatch) so they rerun after form.reset(...).

Also applies to: 122-138, 140-157

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx` around lines
102 - 120, The effect that detects Azure auth mode (the useEffect that reads
form.getValues and calls setAzureAuthType and
form.setValue("key.azure_key_config._auth_type", ...)) only depends on isAzure
and the stable form object, so it doesn't recompute after ProviderKeyForm calls
form.reset(...); fix this by watching the real auth-related form fields (e.g.,
via react-hook-form's useWatch for "key.azure_key_config.client_id",
"key.azure_key_config.client_secret", "key.azure_key_config.tenant_id", and
"key.value") and include those watched values in the effect dependencies so the
detection reruns after resets; apply the same change pattern to the
corresponding Vertex/Bedrock detection effects (the other useEffect blocks that
call setVertexAuthType/setBedrockAuthType and set the _auth_type hidden fields).
🧹 Nitpick comments (1)
ui/app/workspace/providers/views/providerKeyForm.tsx (1)

80-93: Move _auth_type sanitization to a shared request boundary.

This screen strips the UI-only auth markers, but ui/app/workspace/providers/views/modelProviderKeysTableView.tsx:232-235 still calls updateProviderKey with a raw key. A shared sanitizeProviderKeyForApi() helper, or request types that omit _auth_type, will keep every mutation path consistent.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/app/workspace/providers/views/providerKeyForm.tsx` around lines 80 - 93,
Create a shared sanitization helper (e.g., sanitizeProviderKeyForApi(key)) that
removes any UI-only _auth_type fields from nested configs (azure_key_config,
vertex_key_config, bedrock_key_config) and replace the inline stripping logic in
providerKeyForm.tsx with a call to that helper; then update any other mutation
call sites (notably updateProviderKey invocation in
modelProviderKeysTableView.tsx) to pass the sanitized object instead of the raw
key so all API-bound requests use the same sanitized shape.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx`:
- Around line 649-655: The new Vertex auth inputs (the EnvVarInput instance used
for auth_credentials and the Vertex API-key input referenced nearby) lack stable
selectors for E2E tests; add data-testid attributes following the pattern
data-testid="<entity>-<element>-<qualifier>" to both interactive inputs—e.g.,
add data-testid values like "vertex-auth_credentials-input" to the EnvVarInput
and "vertex-apiKey-input" (or similar consistent names) to the API-key input so
tests can reliably target them; update both occurrences (the EnvVarInput at the
shown fragment and the inputs around lines 677–678) to include these attributes.

In `@ui/lib/types/schemas.ts`:
- Around line 65-69: The helper isEnvVarSet currently trims values and env_var
before checking, causing a mismatch with backend EnvVar.IsSet(); change it to
consider any non-empty raw string as set (no trimming) so that whitespace-only
strings count as set like core/schemas/envvar.go does—update the function that
accepts { value?: string; env_var?: string } | undefined (isEnvVarSet) to return
true when v.value or v.env_var is not strictly empty/undefined without calling
.trim(), preserving the undefined check but removing whitespace trimming logic.
- Around line 235-245: The transform on the weight field currently uses
parseFloat which accepts numeric prefixes (e.g., "0.5abc"); update the
validation in the transform((val, ctx) => { ... }) block to reject
partially-numeric strings by converting using Number(val) and checking
Number.isFinite(num) (after handling empty-string -> 1.0 and numeric inputs),
and if invalid call ctx.addIssue with the same message and return z.NEVER; keep
references to val, ctx, transform, Number.isFinite and z.NEVER so you replace
parseFloat-based logic with this stricter check.

---

Duplicate comments:
In `@ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx`:
- Around line 102-120: The effect that detects Azure auth mode (the useEffect
that reads form.getValues and calls setAzureAuthType and
form.setValue("key.azure_key_config._auth_type", ...)) only depends on isAzure
and the stable form object, so it doesn't recompute after ProviderKeyForm calls
form.reset(...); fix this by watching the real auth-related form fields (e.g.,
via react-hook-form's useWatch for "key.azure_key_config.client_id",
"key.azure_key_config.client_secret", "key.azure_key_config.tenant_id", and
"key.value") and include those watched values in the effect dependencies so the
detection reruns after resets; apply the same change pattern to the
corresponding Vertex/Bedrock detection effects (the other useEffect blocks that
call setVertexAuthType/setBedrockAuthType and set the _auth_type hidden fields).

In `@ui/app/workspace/providers/views/modelProviderKeysTableView.tsx`:
- Around line 176-185: The env-var resolution detection is missing checks for
Ollama and SGL provider URLs, so update the hasEnvVarConfig computation (used
alongside isEnvResolutionError) to include key.ollama_key_config?.url?.from_env
and key.sgl_key_config?.url?.from_env in the OR chain (alongside the existing
checks like key.azure_key_config?.endpoint?.from_env,
key.vertex_key_config?.project_id?.from_env,
key.vertex_key_config?.region?.from_env,
key.bedrock_key_config?.region?.from_env, key.vllm_key_config?.url?.from_env,
and key.value?.from_env) so unresolved Ollama/SGL env-var references correctly
trigger the env-var warning icon.

---

Nitpick comments:
In `@ui/app/workspace/providers/views/providerKeyForm.tsx`:
- Around line 80-93: Create a shared sanitization helper (e.g.,
sanitizeProviderKeyForApi(key)) that removes any UI-only _auth_type fields from
nested configs (azure_key_config, vertex_key_config, bedrock_key_config) and
replace the inline stripping logic in providerKeyForm.tsx with a call to that
helper; then update any other mutation call sites (notably updateProviderKey
invocation in modelProviderKeysTableView.tsx) to pass the sanitized object
instead of the raw key so all API-bound requests use the same sanitized shape.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4a834793-5563-441a-b287-8aa595e5fbc7

📥 Commits

Reviewing files that changed from the base of the PR and between 8882712 and 2c660e6.

📒 Files selected for processing (8)
  • core/schemas/envvar.go
  • core/schemas/envvar_test.go
  • framework/configstore/tables/encryption_test.go
  • framework/configstore/tables/key.go
  • ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx
  • ui/app/workspace/providers/views/modelProviderKeysTableView.tsx
  • ui/app/workspace/providers/views/providerKeyForm.tsx
  • ui/lib/types/schemas.ts
🚧 Files skipped from review as they are similar to previous changes (3)
  • core/schemas/envvar.go
  • framework/configstore/tables/key.go
  • core/schemas/envvar_test.go

Comment thread ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx
Comment thread ui/lib/types/schemas.ts
Comment thread ui/lib/types/schemas.ts
@impoiler impoiler force-pushed the 04-06-fix_validation_in_all_provider_configuration_forms branch from 2c660e6 to bf47ff7 Compare April 8, 2026 04:50
greptile-apps[bot]
greptile-apps Bot reviewed Apr 8, 2026
View reviewed changes
Comment thread core/schemas/envvar_test.go
coderabbitai[bot]
coderabbitai Bot reviewed Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (3)
ui/lib/types/schemas.ts (2)

235-245: ⚠️ Potential issue | 🟡 Minor

Reject partially numeric weight strings.

Line 238 uses parseFloat(), so inputs like "0.5abc" are normalized to 0.5 and still pass the later 0..1 range check. Use Number() plus Number.isFinite() here so only fully numeric strings are accepted.

Suggested fix 
 			.transform((val, ctx) => {
 				if (typeof val === "number") return val;
 				if (val.trim() === "") return 1.0;
-				const num = parseFloat(val);
-				if (isNaN(num)) {
+				const num = Number(val);
+				if (!Number.isFinite(num)) {
 					ctx.addIssue({
 						code: "custom",
 						message: "Weight must be a valid number between 0 and 1",
 					});
 					return z.NEVER;
 				}
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/lib/types/schemas.ts` around lines 235 - 245, The transform in the schema
currently uses parseFloat (inside the .transform callback) which allows
partially-numeric strings like "0.5abc"; change the parsing to use Number(val)
and validate with Number.isFinite(parsed) so only fully numeric strings are
accepted, keep the existing trim-empty-string => 1.0 behavior, and if
Number.isFinite returns false call ctx.addIssue (same message) and return
z.NEVER; update the transform logic around the typeof val === "number" check and
the ctx.addIssue/z.NEVER paths accordingly.

66-69: ⚠️ Potential issue | 🟡 Minor

Keep isEnvVarSet() aligned with the new backend EnvVar.IsSet() semantics.

Line 68 trims before checking, so whitespace-only raw value / env_var entries are treated as unset here even though the Go-side IsSet() now treats any non-empty raw string as configured. That reintroduces a UI/backend mismatch in every refine that now depends on this helper.

Suggested fix 
 function isEnvVarSet(v: { value?: string; env_var?: string } | undefined): boolean {
 	if (!v) return false;
-	return !!v.value?.trim() || !!v.env_var?.trim();
+	return (v.value ?? "") !== "" || (v.env_var ?? "") !== "";
 }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/lib/types/schemas.ts` around lines 66 - 69, isEnvVarSet currently trims
before checking which treats whitespace-only strings as unset, but the backend
EnvVar.IsSet considers any non-empty raw string as configured; update
isEnvVarSet to consider a value/env_var as set if it is non-null/undefined and
has length > 0 (do not trim or ignore whitespace). Locate the isEnvVarSet
function and replace the trim-based checks (v.value?.trim(), v.env_var?.trim())
with non-empty raw-string checks (e.g., v.value !== undefined && v.value.length
> 0 and same for v.env_var) so the UI matches backend EnvVar.IsSet semantics.
ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (1)

178-185: ⚠️ Potential issue | 🟡 Minor

Cover all env-backed auth fields in hasEnvVarConfig.

Line 178 only checks endpoint/project_id/region/VLLM URL/top-level value. That misses Azure api_version + Entra fields, Vertex auth_credentials / project_number, Bedrock explicit + role fields, and Ollama/SGL URLs, so those failures still fall through to the generic red error state instead of the env-resolution warning this PR is adding.

Suggested fix 
-													const hasEnvVarConfig =
-														key.azure_key_config?.endpoint?.from_env ||
-														key.vertex_key_config?.project_id?.from_env ||
-														key.vertex_key_config?.region?.from_env ||
-														key.bedrock_key_config?.region?.from_env ||
-														key.vllm_key_config?.url?.from_env ||
-														key.value?.from_env;
+													const hasEnvRef = (value: unknown): boolean => {
+														if (!value || typeof value !== "object") return false;
+														if ("from_env" in value && Boolean((value as { from_env?: boolean }).from_env)) {
+															return true;
+														}
+														return Object.values(value as Record<string, unknown>).some(hasEnvRef);
+													};
+
+													const hasEnvVarConfig = [
+														key.value,
+														key.azure_key_config,
+														key.vertex_key_config,
+														key.bedrock_key_config,
+														key.vllm_key_config,
+														key.ollama_key_config,
+														key.sgl_key_config,
+													].some(hasEnvRef);
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/app/workspace/providers/views/modelProviderKeysTableView.tsx` around lines
178 - 185, Update the hasEnvVarConfig boolean in modelProviderKeysTableView.tsx
to include all env-backed auth fields so env-resolution errors are detected:
extend the OR chain that currently references key.azure_key_config?.endpoint,
key.azure_key_config?.api_version, and all Entra-related fields (e.g.,
client_id/client_secret/tenant_id if present) to check their .from_env; add
Vertex checks for key.vertex_key_config?.auth_credentials?.from_env and
?.project_number?.from_env in addition to project_id/region; include Bedrock
explicit endpoint and role fields (e.g.,
key.bedrock_key_config?.endpoint?.from_env and any role-related .from_env
flags); and add Ollama/SGL URL fields (e.g.,
key.ollama_key_config?.url?.from_env and key.sgl_key_config?.url?.from_env);
keep the isEnvResolutionError logic the same but rely on the expanded
hasEnvVarConfig.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@ui/app/workspace/providers/views/modelProviderKeysTableView.tsx`:
- Around line 178-185: Update the hasEnvVarConfig boolean in
modelProviderKeysTableView.tsx to include all env-backed auth fields so
env-resolution errors are detected: extend the OR chain that currently
references key.azure_key_config?.endpoint, key.azure_key_config?.api_version,
and all Entra-related fields (e.g., client_id/client_secret/tenant_id if
present) to check their .from_env; add Vertex checks for
key.vertex_key_config?.auth_credentials?.from_env and ?.project_number?.from_env
in addition to project_id/region; include Bedrock explicit endpoint and role
fields (e.g., key.bedrock_key_config?.endpoint?.from_env and any role-related
.from_env flags); and add Ollama/SGL URL fields (e.g.,
key.ollama_key_config?.url?.from_env and key.sgl_key_config?.url?.from_env);
keep the isEnvResolutionError logic the same but rely on the expanded
hasEnvVarConfig.

In `@ui/lib/types/schemas.ts`:
- Around line 235-245: The transform in the schema currently uses parseFloat
(inside the .transform callback) which allows partially-numeric strings like
"0.5abc"; change the parsing to use Number(val) and validate with
Number.isFinite(parsed) so only fully numeric strings are accepted, keep the
existing trim-empty-string => 1.0 behavior, and if Number.isFinite returns false
call ctx.addIssue (same message) and return z.NEVER; update the transform logic
around the typeof val === "number" check and the ctx.addIssue/z.NEVER paths
accordingly.
- Around line 66-69: isEnvVarSet currently trims before checking which treats
whitespace-only strings as unset, but the backend EnvVar.IsSet considers any
non-empty raw string as configured; update isEnvVarSet to consider a
value/env_var as set if it is non-null/undefined and has length > 0 (do not trim
or ignore whitespace). Locate the isEnvVarSet function and replace the
trim-based checks (v.value?.trim(), v.env_var?.trim()) with non-empty raw-string
checks (e.g., v.value !== undefined && v.value.length > 0 and same for
v.env_var) so the UI matches backend EnvVar.IsSet semantics.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 04f83897-f13b-4ee1-bec8-f04f820f208b

📥 Commits

Reviewing files that changed from the base of the PR and between 2c660e6 and bf47ff7.

📒 Files selected for processing (8)
  • core/schemas/envvar.go
  • core/schemas/envvar_test.go
  • framework/configstore/tables/encryption_test.go
  • framework/configstore/tables/key.go
  • ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx
  • ui/app/workspace/providers/views/modelProviderKeysTableView.tsx
  • ui/app/workspace/providers/views/providerKeyForm.tsx
  • ui/lib/types/schemas.ts
✅ Files skipped from review due to trivial changes (1)
  • ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx
🚧 Files skipped from review as they are similar to previous changes (4)
  • core/schemas/envvar.go
  • framework/configstore/tables/key.go
  • core/schemas/envvar_test.go
  • ui/app/workspace/providers/views/providerKeyForm.tsx

@impoiler impoiler force-pushed the 04-06-fix_validation_in_all_provider_configuration_forms branch from bf47ff7 to 20058ea Compare April 8, 2026 05:18
coderabbitai[bot]
coderabbitai Bot requested changes Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (3)
ui/lib/types/schemas.ts (2)

65-68: ⚠️ Potential issue | 🟠 Major

Keep isEnvVarSet() byte-for-byte aligned with EnvVar.IsSet().

The backend now treats any non-empty raw value or env_var as configured. Trimming here makes whitespace-only inputs count as unset on the client, so validation can still reject or clear fields that core/schemas/envvar.go / framework/configstore/tables/key.go will preserve.

🛠️ Proposed fix 
 function isEnvVarSet(v: { value?: string; env_var?: string } | undefined): boolean {
 	if (!v) return false;
-	return !!v.value?.trim() || !!v.env_var?.trim();
+	return (v.value ?? "") !== "" || (v.env_var ?? "") !== "";
 }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/lib/types/schemas.ts` around lines 65 - 68, The client helper isEnvVarSet
currently trims value/env_var which diverges from the backend's EnvVar.IsSet
behavior; update isEnvVarSet (the function named isEnvVarSet) to consider any
non-empty raw string as set by removing the .trim() calls and using simple
existence checks (e.g., check v.value and v.env_var for non-empty strings) so
the client is byte-for-byte aligned with EnvVar.IsSet.

233-250: ⚠️ Potential issue | 🟡 Minor

This stricter parser is still bypassed by the form blur handler.

At Lines 206-212 in ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx, the weight input still calls parseFloat() on blur and writes the numeric prefix back into form state. That means "0.5abc" becomes 0.5 before this schema runs, so the new Number() check only helps submit-without-blur cases.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/lib/types/schemas.ts` around lines 233 - 250, The blur handler that
currently calls parseFloat on the weight input is bypassing the stricter zod
parser—locate the weight input's onBlur (the handler using parseFloat) and stop
coercing the field to a numeric prefix; instead, change the blur logic to use
Number(val) and only write the numeric value back into form state if
Number.isFinite(num), otherwise leave the raw string in the input so the zod
transform (which uses Number(...) and rejects non-numeric strings) runs on
validation; update any calls to parseFloat(...) to this Number + Number.isFinite
check (or remove the coercion entirely and rely on your form library's
validation trigger) so "0.5abc" is preserved until zod validates it.
ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx (1)

101-157: ⚠️ Potential issue | 🟠 Major

Recompute auth type after form.reset() populates an existing key.

These effects only depend on the provider flags and the stable form object. If edit values arrive after mount, none of them rerun, so Azure/Vertex/Bedrock stay on their defaults and _auth_type can disagree with the loaded credentials. That hides the wrong fields and can force the wrong validation branch; for example, an existing Azure Entra ID key can still be treated as api_key.

Watching the relevant credential fields (or deriving the tab directly from watched values) will keep the UI and resolver state in sync.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx` around lines
101 - 157, The effects that detect auth type (the useEffect blocks that call
setAzureAuthType/setVertexAuthType/setBedrockAuthType and form.setValue) only
depend on isAzure/isVertex/isBedrock and the stable form object, so they don't
rerun when form.reset() populates values; update each effect to depend on the
actual credential fields (or use form.watch) instead of only the provider flag
so they recompute when values change—specifically watch the Azure fields
"key.azure_key_config.client_id", "key.azure_key_config.client_secret",
"key.azure_key_config.tenant_id", and "key.value" in the Azure effect, the
Vertex fields "key.vertex_key_config.auth_credentials" and "key.value" in the
Vertex effect, and the Bedrock fields "key.bedrock_key_config.access_key",
"key.bedrock_key_config.secret_key", and "key.value" in the Bedrock effect, then
run the same detection logic and call
setAzureAuthType/setVertexAuthType/setBedrockAuthType and
form.setValue("key.*._auth_type", detected) so UI and resolver state stay in
sync after form.reset().
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@ui/lib/types/schemas.ts`:
- Around line 20-37: The custom error mapping checks (for issue.code ===
"too_small" and "too_big") use issue.type which in Zod v4 became issue.origin,
so updates are needed: change the conditional inspections from issue.type to
issue.origin for the relevant branches (the checks that compare to "string",
"number", and "array") so the string/number/array branches in the error handling
logic correctly match Zod v4.2.1 error shapes (keep the same comparisons to
"string"/"number"/"array" and preserve the existing minimum/maximum checks and
return messages).

---

Duplicate comments:
In `@ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx`:
- Around line 101-157: The effects that detect auth type (the useEffect blocks
that call setAzureAuthType/setVertexAuthType/setBedrockAuthType and
form.setValue) only depend on isAzure/isVertex/isBedrock and the stable form
object, so they don't rerun when form.reset() populates values; update each
effect to depend on the actual credential fields (or use form.watch) instead of
only the provider flag so they recompute when values change—specifically watch
the Azure fields "key.azure_key_config.client_id",
"key.azure_key_config.client_secret", "key.azure_key_config.tenant_id", and
"key.value" in the Azure effect, the Vertex fields
"key.vertex_key_config.auth_credentials" and "key.value" in the Vertex effect,
and the Bedrock fields "key.bedrock_key_config.access_key",
"key.bedrock_key_config.secret_key", and "key.value" in the Bedrock effect, then
run the same detection logic and call
setAzureAuthType/setVertexAuthType/setBedrockAuthType and
form.setValue("key.*._auth_type", detected) so UI and resolver state stay in
sync after form.reset().

In `@ui/lib/types/schemas.ts`:
- Around line 65-68: The client helper isEnvVarSet currently trims value/env_var
which diverges from the backend's EnvVar.IsSet behavior; update isEnvVarSet (the
function named isEnvVarSet) to consider any non-empty raw string as set by
removing the .trim() calls and using simple existence checks (e.g., check
v.value and v.env_var for non-empty strings) so the client is byte-for-byte
aligned with EnvVar.IsSet.
- Around line 233-250: The blur handler that currently calls parseFloat on the
weight input is bypassing the stricter zod parser—locate the weight input's
onBlur (the handler using parseFloat) and stop coercing the field to a numeric
prefix; instead, change the blur logic to use Number(val) and only write the
numeric value back into form state if Number.isFinite(num), otherwise leave the
raw string in the input so the zod transform (which uses Number(...) and rejects
non-numeric strings) runs on validation; update any calls to parseFloat(...) to
this Number + Number.isFinite check (or remove the coercion entirely and rely on
your form library's validation trigger) so "0.5abc" is preserved until zod
validates it.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d434cd7a-d6ab-4c1c-aab0-94b18bef4b18

📥 Commits

Reviewing files that changed from the base of the PR and between bf47ff7 and 20058ea.

📒 Files selected for processing (8)
  • core/schemas/envvar.go
  • core/schemas/envvar_test.go
  • framework/configstore/tables/encryption_test.go
  • framework/configstore/tables/key.go
  • ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx
  • ui/app/workspace/providers/views/modelProviderKeysTableView.tsx
  • ui/app/workspace/providers/views/providerKeyForm.tsx
  • ui/lib/types/schemas.ts
🚧 Files skipped from review as they are similar to previous changes (4)
  • ui/app/workspace/providers/views/providerKeyForm.tsx
  • framework/configstore/tables/key.go
  • ui/app/workspace/providers/views/modelProviderKeysTableView.tsx
  • core/schemas/envvar_test.go

Comment thread ui/lib/types/schemas.ts
@impoiler impoiler force-pushed the 04-06-fix_validation_in_all_provider_configuration_forms branch from 20058ea to bf2c06c Compare April 8, 2026 05:56
coderabbitai[bot]
coderabbitai Bot reviewed Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
ui/app/workspace/providers/views/providerKeyForm.tsx (1)

131-139: ⚠️ Potential issue | 🟡 Minor

Removing isValid from the disabled condition allows submitting invalid forms.

The Save button is now only disabled when !form.formState.isDirty, meaning users can click Save on a dirty but invalid form. While Zod validation will still run on submit and show errors, this degrades UX by allowing an avoidable failed submission attempt.

Consider restoring the validity check:

 <Button
   type="submit"
-  disabled={!form.formState.isDirty}
+  disabled={!form.formState.isDirty || !form.formState.isValid}
   isLoading={form.formState.isSubmitting || isCreatingProviderKey || isUpdatingProviderKey}
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/app/workspace/providers/views/providerKeyForm.tsx` around lines 131 - 139,
The Save Button currently disables only when !form.formState.isDirty, allowing
submissions of dirty but invalid forms; update the disabled condition on the
Button (data-testid "key-save-btn") to also check form.formState.isValid (e.g.,
disable when !form.formState.isDirty || !form.formState.isValid) so the button
remains disabled for invalid forms while keeping existing isLoading checks
(form.formState.isSubmitting, isCreatingProviderKey, isUpdatingProviderKey)
intact.
♻️ Duplicate comments (1)
ui/lib/types/schemas.ts (1)

65-69: ⚠️ Potential issue | 🟡 Minor

The trim() calls create a semantic mismatch with the backend IsSet().

The Go EnvVar.IsSet() method checks e.Val != "" || e.EnvVar != "" without trimming whitespace. This helper trims before checking, meaning whitespace-only values are treated as "not set" in the UI but "set" in the backend. This can cause the form to reject or clear fields that BeforeSave considers configured.

🛠️ Suggested fix to match backend semantics 
 function isEnvVarSet(v: { value?: string; env_var?: string } | undefined): boolean {
 	if (!v) return false;
-	return !!v.value?.trim() || !!v.env_var?.trim();
+	return (v.value ?? "") !== "" || (v.env_var ?? "") !== "";
 }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/lib/types/schemas.ts` around lines 65 - 69, The helper isEnvVarSet
currently trims values which differs from backend EnvVar.IsSet(); change
isEnvVarSet to match backend semantics by checking presence without trimming:
return false if v is undefined/null, otherwise treat a value as set when v.value
!== "" or v.env_var !== "" (i.e., use direct empty-string comparisons on the {
value?: string; env_var?: string } fields instead of .trim()) so UI and backend
agree on whitespace-only values being "set".
🧹 Nitpick comments (1)
core/schemas/envvar.go (1)

316-324: Consider documenting the distinction between IsSet() and IsDefined().

Both methods exist with overlapping but different semantics:

  • IsSet() (new): returns true if either Val or EnvVar is non-empty
  • IsDefined(): returns true if EnvVar is non-empty when FromEnv=true, else if Val is non-empty

This subtle difference could confuse callers. A brief doc comment on IsDefined() clarifying when to use each would help maintainability.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@core/schemas/envvar.go` around lines 316 - 324, Add a clarifying doc comment
on EnvVar.IsDefined() that explains the difference from IsSet(): state that
IsSet() returns true if either Val or EnvVar is non-empty, whereas IsDefined()
respects the FromEnv flag (when IsFromEnv() is true it only considers EnvVar
non-empty, otherwise it only considers Val non-empty); mention when callers
should prefer IsDefined() (respecting explicit source) versus IsSet() (any set
value) and reference the fields EnvVar, Val and the helper IsFromEnv() in the
comment.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@ui/app/workspace/providers/views/providerKeyForm.tsx`:
- Around line 131-139: The Save Button currently disables only when
!form.formState.isDirty, allowing submissions of dirty but invalid forms; update
the disabled condition on the Button (data-testid "key-save-btn") to also check
form.formState.isValid (e.g., disable when !form.formState.isDirty ||
!form.formState.isValid) so the button remains disabled for invalid forms while
keeping existing isLoading checks (form.formState.isSubmitting,
isCreatingProviderKey, isUpdatingProviderKey) intact.

---

Duplicate comments:
In `@ui/lib/types/schemas.ts`:
- Around line 65-69: The helper isEnvVarSet currently trims values which differs
from backend EnvVar.IsSet(); change isEnvVarSet to match backend semantics by
checking presence without trimming: return false if v is undefined/null,
otherwise treat a value as set when v.value !== "" or v.env_var !== "" (i.e.,
use direct empty-string comparisons on the { value?: string; env_var?: string }
fields instead of .trim()) so UI and backend agree on whitespace-only values
being "set".

---

Nitpick comments:
In `@core/schemas/envvar.go`:
- Around line 316-324: Add a clarifying doc comment on EnvVar.IsDefined() that
explains the difference from IsSet(): state that IsSet() returns true if either
Val or EnvVar is non-empty, whereas IsDefined() respects the FromEnv flag (when
IsFromEnv() is true it only considers EnvVar non-empty, otherwise it only
considers Val non-empty); mention when callers should prefer IsDefined()
(respecting explicit source) versus IsSet() (any set value) and reference the
fields EnvVar, Val and the helper IsFromEnv() in the comment.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cd83ff19-2596-436e-aded-1bf72c94067f

📥 Commits

Reviewing files that changed from the base of the PR and between 20058ea and bf2c06c.

📒 Files selected for processing (8)
  • core/schemas/envvar.go
  • core/schemas/envvar_test.go
  • framework/configstore/tables/encryption_test.go
  • framework/configstore/tables/key.go
  • ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx
  • ui/app/workspace/providers/views/modelProviderKeysTableView.tsx
  • ui/app/workspace/providers/views/providerKeyForm.tsx
  • ui/lib/types/schemas.ts
🚧 Files skipped from review as they are similar to previous changes (4)
  • framework/configstore/tables/key.go
  • ui/app/workspace/providers/views/modelProviderKeysTableView.tsx
  • ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx
  • framework/configstore/tables/encryption_test.go

@impoiler impoiler force-pushed the 04-06-fix_validation_in_all_provider_configuration_forms branch from bf2c06c to 2c064ab Compare April 8, 2026 13:27
coderabbitai[bot]
coderabbitai Bot requested changes Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

♻️ Duplicate comments (2)
ui/lib/types/schemas.ts (1)

65-69: ⚠️ Potential issue | 🟠 Major

Match backend EnvVar.IsSet() semantics in this helper.

This still trims before checking presence. The Go side now treats any non-empty raw value/env_var as configured, so this reintroduces a frontend/backend mismatch and can make the form reject or clear fields that persistence would keep.

Suggested fix 
 function isEnvVarSet(v: { value?: string; env_var?: string } | undefined): boolean {
 	if (!v) return false;
-	return !!v.value?.trim() || !!v.env_var?.trim();
+	return (v.value ?? "") !== "" || (v.env_var ?? "") !== "";
 }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/lib/types/schemas.ts` around lines 65 - 69, The helper isEnvVarSet
currently trims fields before checking which mismatches backend semantics;
update it to consider any non-empty raw string as set (including whitespace). In
function isEnvVarSet, stop using .trim() and instead return true if v is defined
and (v.value !== undefined && v.value !== '') or (v.env_var !== undefined &&
v.env_var !== ''), so presence is based on raw non-empty strings to match
backend EnvVar.IsSet().
ui/app/workspace/providers/views/modelProviderKeysTableView.tsx (1)

178-184: ⚠️ Potential issue | 🟡 Minor

Expand hasEnvVarConfig to the rest of the auth fields.

This still misses env-backed inputs added by the new auth modes—e.g. Azure api_version/Entra fields, Vertex project_number/auth_credentials, Bedrock credential or role fields, and Ollama/SGL URLs—so those resolution failures still fall back to the generic error icon.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@ui/app/workspace/providers/views/modelProviderKeysTableView.tsx` around lines
178 - 184, The current hasEnvVarConfig boolean in modelProviderKeysTableView.tsx
only checks a subset of env-backed auth inputs and needs to be expanded to
include all new auth-mode fields so the UI detects env-resolved keys correctly;
update the expression that defines hasEnvVarConfig (the constant inside the
component rendering the keys table) to also OR-in checks for Azure's api_version
and any Entra-related fields (e.g., tenant/client id/secret flags), Vertex's
project_number and auth_credentials.from_env, Bedrock's credential and role
fields, and Ollama/SGL url fields (and any other new provider URL/credential
flags added) so the boolean reflects any env-backed source across all provider
configs.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@ui/app/workspace/providers/views/modelProviderKeysTableView.tsx`:
- Around line 185-195: The view currently infers env-var resolution failures by
regexing key.description (the isEnvResolutionError variable) which is brittle;
instead update the API/type to include a typed failure reason (e.g.,
key.failureReason or key.resolutionStatus enum with values like "EnvVarNotSet")
and change the component logic in modelProviderKeysTableView.tsx to check that
typed field (e.g., key.failureReason === 'EnvVarNotSet') before rendering the
Tooltip/AlertCircle and use key.description only as human text inside the
tooltip; also update the TypeScript types/interfaces for Key to include the new
field and make the UI conservative (do not show env-var warning if the typed
field is absent).

In `@ui/lib/types/schemas.ts`:
- Around line 191-199: The current refine for vllmKeyConfigSchema (and similarly
for the Ollama/SGL schemas around the other block) only checks presence via
isEnvVarSet, which lets raw strings like "localhost" pass; update the refine to
branch on whether url matches envVarSchema (use the same logic as isEnvVarSet
for env-var-backed values) and for direct string values attempt to
parse/validate them as real URLs (e.g., using the URL constructor or a strict
URL validation) and return false when parsing fails so invalid raw endpoints are
rejected; apply the same change to the corresponding schemas (the Ollama and SGL
config schemas) so env-var URLs remain presence-only but direct string URLs are
properly validated.

---

Duplicate comments:
In `@ui/app/workspace/providers/views/modelProviderKeysTableView.tsx`:
- Around line 178-184: The current hasEnvVarConfig boolean in
modelProviderKeysTableView.tsx only checks a subset of env-backed auth inputs
and needs to be expanded to include all new auth-mode fields so the UI detects
env-resolved keys correctly; update the expression that defines hasEnvVarConfig
(the constant inside the component rendering the keys table) to also OR-in
checks for Azure's api_version and any Entra-related fields (e.g., tenant/client
id/secret flags), Vertex's project_number and auth_credentials.from_env,
Bedrock's credential and role fields, and Ollama/SGL url fields (and any other
new provider URL/credential flags added) so the boolean reflects any env-backed
source across all provider configs.

In `@ui/lib/types/schemas.ts`:
- Around line 65-69: The helper isEnvVarSet currently trims fields before
checking which mismatches backend semantics; update it to consider any non-empty
raw string as set (including whitespace). In function isEnvVarSet, stop using
.trim() and instead return true if v is defined and (v.value !== undefined &&
v.value !== '') or (v.env_var !== undefined && v.env_var !== ''), so presence is
based on raw non-empty strings to match backend EnvVar.IsSet().
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c3cd8bee-91c4-433f-a157-7bb7d491eca5

📥 Commits

Reviewing files that changed from the base of the PR and between bf2c06c and 2c064ab.

📒 Files selected for processing (8)
  • core/schemas/envvar.go
  • core/schemas/envvar_test.go
  • framework/configstore/tables/encryption_test.go
  • framework/configstore/tables/key.go
  • ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx
  • ui/app/workspace/providers/views/modelProviderKeysTableView.tsx
  • ui/app/workspace/providers/views/providerKeyForm.tsx
  • ui/lib/types/schemas.ts
✅ Files skipped from review due to trivial changes (1)
  • framework/configstore/tables/encryption_test.go
🚧 Files skipped from review as they are similar to previous changes (5)
  • ui/app/workspace/providers/views/providerKeyForm.tsx
  • core/schemas/envvar.go
  • framework/configstore/tables/key.go
  • core/schemas/envvar_test.go
  • ui/app/workspace/providers/fragments/apiKeysFormFragment.tsx

Comment thread ui/app/workspace/providers/views/modelProviderKeysTableView.tsx
Comment thread ui/lib/types/schemas.ts
sammaji
sammaji reviewed Apr 8, 2026
View reviewed changes
Comment thread core/schemas/envvar.go
Comment on lines +265 to +274
// IsSet returns true if the EnvVar has a resolved value or an environment variable reference.
// This should be used instead of GetValue() != "" when checking whether a field was configured,
// because env var references may have an empty Val before resolution (e.g., when the env var
// is not available in the current environment).
func (e *EnvVar) IsSet() bool {
if e == nil {
return false
}
return e.Val != "" || e.EnvVar != ""
}
Copy link
Copy Markdown
Member

@sammaji sammaji Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@impoiler there is a utility function for this already - IsDefined

@akshaydeo Graphite App
Copy link
Copy Markdown
Contributor

akshaydeo commented Apr 8, 2026
edited
Loading

Merge activity

  • Apr 8, 2:07 PM UTC: A user started a stack merge that includes this pull request via Graphite.
  • Apr 8, 2:08 PM UTC: @akshaydeo merged this pull request with Graphite.

@akshaydeo akshaydeo merged commit 51ec9b0 into v1.5.0 Apr 8, 2026
15 of 16 checks passed
@akshaydeo akshaydeo deleted the 04-06-fix_validation_in_all_provider_configuration_forms branch April 8, 2026 14:08
@impoiler impoiler mentioned this pull request Apr 8, 2026
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sammaji sammaji sammaji left review comments

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@Pratham-Mishra04 Pratham-Mishra04 Pratham-Mishra04 approved these changes

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

@impoiler impoiler

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Files API Support

4 participants

@impoiler @akshaydeo @Pratham-Mishra04 @sammaji