From d9b4af797d55fd743d4f14cca8dd0e5b02047314 Mon Sep 17 00:00:00 2001 From: I Putu Eddy Irawan Date: Mon, 2 Mar 2026 22:26:36 +0700 Subject: [PATCH 1/3] feat: add .env file loading and provider env overrides Load .env files from the config directory before reading config.json, enabling secrets and API keys to be stored outside version control. Supports fresh installs (no config.json) by applying env vars and provider overrides to the default config. Adds loadProviderEnvOverrides() for PICOCLAW_PROVIDERS__API_KEY and _API_BASE environment variables across all standard providers. Co-Authored-By: Claude Opus 4.6 --- go.mod | 5 ++-- go.sum | 2 ++ pkg/config/config.go | 63 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 68 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 7892cade6..18d762b25 100644 --- a/go.mod +++ b/go.mod @@ -8,13 +8,16 @@ require ( github.com/bwmarrin/discordgo v0.29.0 github.com/caarlos0/env/v11 v11.3.1 github.com/chzyer/readline v1.5.1 + github.com/gdamore/tcell/v2 v2.13.8 github.com/google/uuid v1.6.0 github.com/gorilla/websocket v1.5.3 + github.com/joho/godotenv v1.5.1 github.com/larksuite/oapi-sdk-go/v3 v3.5.3 github.com/mdp/qrterminal/v3 v3.2.1 github.com/mymmrac/telego v1.6.0 github.com/open-dingtalk/dingtalk-stream-sdk-go v0.9.1 github.com/openai/openai-go/v3 v3.22.0 + github.com/rivo/tview v0.42.0 github.com/slack-go/slack v0.17.3 github.com/spf13/cobra v1.10.2 github.com/stretchr/testify v1.11.1 @@ -34,7 +37,6 @@ require ( github.com/dustin/go-humanize v1.0.1 // indirect github.com/elliotchance/orderedmap/v3 v3.1.0 // indirect github.com/gdamore/encoding v1.0.1 // indirect - github.com/gdamore/tcell/v2 v2.13.8 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/lucasb-eyer/go-colorful v1.3.0 // indirect github.com/mattn/go-colorable v0.1.14 // indirect @@ -43,7 +45,6 @@ require ( github.com/petermattis/goid v0.0.0-20260113132338-7c7de50cc741 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect - github.com/rivo/tview v0.42.0 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rs/zerolog v1.34.0 // indirect github.com/spf13/pflag v1.0.10 // indirect diff --git a/go.sum b/go.sum index d1ee1d629..00f2b1600 100644 --- a/go.sum +++ b/go.sum @@ -101,6 +101,8 @@ github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyf github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0= +github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c= diff --git a/pkg/config/config.go b/pkg/config/config.go index c4c175495..a2151ccc2 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -3,10 +3,13 @@ package config import ( "encoding/json" "fmt" + "log" "os" + "path/filepath" "sync/atomic" "github.com/caarlos0/env/v11" + "github.com/joho/godotenv" "github.com/sipeed/picoclaw/pkg/fileutil" ) @@ -597,9 +600,28 @@ type ClawHubRegistryConfig struct { func LoadConfig(path string) (*Config, error) { cfg := DefaultConfig() + // Load .env file from config directory (secrets, API keys, etc.) + // This runs before reading config.json so .env works even on fresh installs. + envFile := filepath.Join(filepath.Dir(path), ".env") + if err := godotenv.Load(envFile); err != nil { + if os.IsNotExist(err) { + log.Printf("[INFO] No .env file found at %s; skipping .env loading", envFile) + } else { + log.Printf("[WARN] Failed to load .env file from %s: %v", envFile, err) + } + } + data, err := os.ReadFile(path) if err != nil { if os.IsNotExist(err) { + // No config file — still apply env vars + overrides to default config + if err := env.Parse(cfg); err != nil { + return nil, err + } + loadProviderEnvOverrides(cfg) + if cfg.HasProvidersConfig() { + cfg.ModelList = ConvertProvidersToModelList(cfg) + } return cfg, nil } return nil, err @@ -627,6 +649,9 @@ func LoadConfig(path string) (*Config, error) { return nil, err } + // Load provider-specific env overrides (PICOCLAW_PROVIDERS__API_KEY, etc.) + loadProviderEnvOverrides(cfg) + // Migrate legacy channel config fields to new unified structures cfg.migrateChannelConfigs() @@ -775,3 +800,41 @@ func (c *Config) ValidateModelList() error { } return nil } + +// loadProviderEnvOverrides reads PICOCLAW_PROVIDERS__API_KEY and _API_BASE +// environment variables and sets them on the corresponding provider config fields. +// This enables storing provider secrets in .env files without using struct tags. +func loadProviderEnvOverrides(cfg *Config) { + providers := []struct { + name string + apiKey *string + base *string + }{ + {"ANTHROPIC", &cfg.Providers.Anthropic.APIKey, &cfg.Providers.Anthropic.APIBase}, + {"OPENAI", &cfg.Providers.OpenAI.APIKey, &cfg.Providers.OpenAI.APIBase}, + {"OPENROUTER", &cfg.Providers.OpenRouter.APIKey, &cfg.Providers.OpenRouter.APIBase}, + {"GROQ", &cfg.Providers.Groq.APIKey, &cfg.Providers.Groq.APIBase}, + {"ZHIPU", &cfg.Providers.Zhipu.APIKey, &cfg.Providers.Zhipu.APIBase}, + {"GEMINI", &cfg.Providers.Gemini.APIKey, &cfg.Providers.Gemini.APIBase}, + {"NVIDIA", &cfg.Providers.Nvidia.APIKey, &cfg.Providers.Nvidia.APIBase}, + {"OLLAMA", &cfg.Providers.Ollama.APIKey, &cfg.Providers.Ollama.APIBase}, + {"MOONSHOT", &cfg.Providers.Moonshot.APIKey, &cfg.Providers.Moonshot.APIBase}, + {"SHENGSUANYUN", &cfg.Providers.ShengSuanYun.APIKey, &cfg.Providers.ShengSuanYun.APIBase}, + {"DEEPSEEK", &cfg.Providers.DeepSeek.APIKey, &cfg.Providers.DeepSeek.APIBase}, + {"MISTRAL", &cfg.Providers.Mistral.APIKey, &cfg.Providers.Mistral.APIBase}, + {"VLLM", &cfg.Providers.VLLM.APIKey, &cfg.Providers.VLLM.APIBase}, + {"CEREBRAS", &cfg.Providers.Cerebras.APIKey, &cfg.Providers.Cerebras.APIBase}, + {"VOLCENGINE", &cfg.Providers.VolcEngine.APIKey, &cfg.Providers.VolcEngine.APIBase}, + {"QWEN", &cfg.Providers.Qwen.APIKey, &cfg.Providers.Qwen.APIBase}, + // Note: GitHubCopilot and Antigravity use different auth patterns (ConnectMode/AuthMethod), + // not standard APIKey/APIBase, so they are not included here. + } + for _, p := range providers { + if v := os.Getenv("PICOCLAW_PROVIDERS_" + p.name + "_API_KEY"); v != "" { + *p.apiKey = v + } + if v := os.Getenv("PICOCLAW_PROVIDERS_" + p.name + "_API_BASE"); v != "" { + *p.base = v + } + } +} From 84ded81a8cee24f9bd3ef6c1fb1e624ad9695d56 Mon Sep 17 00:00:00 2001 From: I Putu Eddy Irawan Date: Mon, 2 Mar 2026 22:50:59 +0700 Subject: [PATCH 2/3] Address Copilot review feedback for .env loading - Add migrateChannelConfigs() and ValidateModelList() to the fresh- install path (no config.json) so legacy env vars are migrated and model list is validated consistently with the normal loading path - Use os.LookupEnv instead of os.Getenv in loadProviderEnvOverrides so explicitly empty env vars (e.g. PICOCLAW_PROVIDERS_X_API_BASE=) can clear values from config.json - Guard .env loading with sync.Once to avoid repeated disk I/O and noisy log messages when LoadConfig is called from polling handlers - Add tests: .env file loading, missing config.json with env vars, malformed .env non-fatal behavior, and LookupEnv empty-override Note: go.mod tcell/v2 and tview are correctly listed as direct deps (they are imported by the launcher TUI); upstream go.mod was stale. Co-Authored-By: Claude Opus 4.6 --- pkg/config/config.go | 33 +++++++++----- pkg/config/config_test.go | 95 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 118 insertions(+), 10 deletions(-) diff --git a/pkg/config/config.go b/pkg/config/config.go index a2151ccc2..bf1cc2fb1 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -6,6 +6,7 @@ import ( "log" "os" "path/filepath" + "sync" "sync/atomic" "github.com/caarlos0/env/v11" @@ -14,6 +15,11 @@ import ( "github.com/sipeed/picoclaw/pkg/fileutil" ) +// dotenvOnce ensures .env loading runs at most once per process, +// avoiding repeated disk I/O and noisy logs when LoadConfig is +// called from polling handlers. +var dotenvOnce sync.Once + // rrCounter is a global counter for round-robin load balancing across models. var rrCounter atomic.Uint64 @@ -601,15 +607,18 @@ func LoadConfig(path string) (*Config, error) { cfg := DefaultConfig() // Load .env file from config directory (secrets, API keys, etc.) - // This runs before reading config.json so .env works even on fresh installs. - envFile := filepath.Join(filepath.Dir(path), ".env") - if err := godotenv.Load(envFile); err != nil { - if os.IsNotExist(err) { - log.Printf("[INFO] No .env file found at %s; skipping .env loading", envFile) - } else { - log.Printf("[WARN] Failed to load .env file from %s: %v", envFile, err) + // Guarded by sync.Once to avoid repeated disk I/O and noisy logs + // when LoadConfig is called from polling handlers. + dotenvOnce.Do(func() { + envFile := filepath.Join(filepath.Dir(path), ".env") + if err := godotenv.Load(envFile); err != nil { + if os.IsNotExist(err) { + log.Printf("[INFO] No .env file found at %s; skipping .env loading", envFile) + } else { + log.Printf("[WARN] Failed to load .env file from %s: %v", envFile, err) + } } - } + }) data, err := os.ReadFile(path) if err != nil { @@ -619,9 +628,13 @@ func LoadConfig(path string) (*Config, error) { return nil, err } loadProviderEnvOverrides(cfg) + cfg.migrateChannelConfigs() if cfg.HasProvidersConfig() { cfg.ModelList = ConvertProvidersToModelList(cfg) } + if err := cfg.ValidateModelList(); err != nil { + return nil, err + } return cfg, nil } return nil, err @@ -830,10 +843,10 @@ func loadProviderEnvOverrides(cfg *Config) { // not standard APIKey/APIBase, so they are not included here. } for _, p := range providers { - if v := os.Getenv("PICOCLAW_PROVIDERS_" + p.name + "_API_KEY"); v != "" { + if v, ok := os.LookupEnv("PICOCLAW_PROVIDERS_" + p.name + "_API_KEY"); ok { *p.apiKey = v } - if v := os.Getenv("PICOCLAW_PROVIDERS_" + p.name + "_API_BASE"); v != "" { + if v, ok := os.LookupEnv("PICOCLAW_PROVIDERS_" + p.name + "_API_BASE"); ok { *p.base = v } } diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index 6af7c209e..9b1be848b 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -6,6 +6,7 @@ import ( "path/filepath" "runtime" "strings" + "sync" "testing" ) @@ -467,3 +468,97 @@ func TestDefaultConfig_WorkspacePath_WithPicoclawHome(t *testing.T) { t.Errorf("Workspace path with PICOCLAW_HOME = %q, want %q", cfg.Agents.Defaults.Workspace, want) } } + +func TestLoadConfig_DotenvFileLoaded(t *testing.T) { + // Reset sync.Once so .env loading runs for this test + dotenvOnce = sync.Once{} + + dir := t.TempDir() + configPath := filepath.Join(dir, "config.json") + + // Write a minimal config.json + if err := os.WriteFile(configPath, []byte(`{}`), 0o600); err != nil { + t.Fatalf("WriteFile config: %v", err) + } + + // Write a .env file with a provider API key + envFile := filepath.Join(dir, ".env") + if err := os.WriteFile(envFile, []byte("PICOCLAW_PROVIDERS_OPENAI_API_KEY=sk-from-dotenv\n"), 0o600); err != nil { + t.Fatalf("WriteFile .env: %v", err) + } + + // Clear the env var first to ensure it comes from .env + t.Setenv("PICOCLAW_PROVIDERS_OPENAI_API_KEY", "") + os.Unsetenv("PICOCLAW_PROVIDERS_OPENAI_API_KEY") + + cfg, err := LoadConfig(configPath) + if err != nil { + t.Fatalf("LoadConfig() error: %v", err) + } + + if cfg.Providers.OpenAI.APIKey != "sk-from-dotenv" { + t.Errorf("OpenAI.APIKey = %q, want %q", cfg.Providers.OpenAI.APIKey, "sk-from-dotenv") + } +} + +func TestLoadConfig_MissingConfigJSON_AppliesEnvVars(t *testing.T) { + // Reset sync.Once so .env loading runs for this test + dotenvOnce = sync.Once{} + + dir := t.TempDir() + configPath := filepath.Join(dir, "config.json") // does NOT exist + + t.Setenv("PICOCLAW_PROVIDERS_ANTHROPIC_API_KEY", "sk-anthropic-test") + + cfg, err := LoadConfig(configPath) + if err != nil { + t.Fatalf("LoadConfig() error: %v", err) + } + + if cfg.Providers.Anthropic.APIKey != "sk-anthropic-test" { + t.Errorf("Anthropic.APIKey = %q, want %q", cfg.Providers.Anthropic.APIKey, "sk-anthropic-test") + } +} + +func TestLoadConfig_MalformedDotenv_NonFatal(t *testing.T) { + // Reset sync.Once so .env loading runs for this test + dotenvOnce = sync.Once{} + + dir := t.TempDir() + configPath := filepath.Join(dir, "config.json") + + // Write a minimal config.json + if err := os.WriteFile(configPath, []byte(`{}`), 0o600); err != nil { + t.Fatalf("WriteFile config: %v", err) + } + + // Write a malformed .env file (missing value after '=') + envFile := filepath.Join(dir, ".env") + if err := os.WriteFile(envFile, []byte("VALID_KEY=valid_value\n"), 0o600); err != nil { + t.Fatalf("WriteFile .env: %v", err) + } + + // LoadConfig should not fail even with unusual .env content + cfg, err := LoadConfig(configPath) + if err != nil { + t.Fatalf("LoadConfig() should not fail with .env issues, got error: %v", err) + } + if cfg == nil { + t.Fatal("LoadConfig() returned nil config") + } +} + +func TestLoadProviderEnvOverrides_LookupEnv(t *testing.T) { + cfg := DefaultConfig() + + // Set a key to a non-empty value, then override with empty via env + cfg.Providers.OpenRouter.APIBase = "https://original.com" + t.Setenv("PICOCLAW_PROVIDERS_OPENROUTER_API_BASE", "") + + loadProviderEnvOverrides(cfg) + + // os.LookupEnv should detect the set-but-empty env var and clear the field + if cfg.Providers.OpenRouter.APIBase != "" { + t.Errorf("OpenRouter.APIBase = %q, want empty (overridden by empty env var)", cfg.Providers.OpenRouter.APIBase) + } +} From e503c87c18e7e02bc9c3dbc13f43b279f0cca469 Mon Sep 17 00:00:00 2001 From: I Putu Eddy Irawan Date: Tue, 3 Mar 2026 22:14:25 +0700 Subject: [PATCH 3/3] fix: add LiteLLM to env overrides and fix malformed .env test - Add missing LITELLM entry to loadProviderEnvOverrides so PICOCLAW_PROVIDERS_LITELLM_API_KEY/API_BASE env vars work - Replace valid .env content in TestLoadConfig_MalformedDotenv_NonFatal with genuinely malformed content (bare key without '=') to actually exercise the non-fatal error path Co-Authored-By: Claude Opus 4.6 --- pkg/config/config.go | 1 + pkg/config/config_test.go | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/pkg/config/config.go b/pkg/config/config.go index 9fe4142f7..793156be0 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -868,6 +868,7 @@ func loadProviderEnvOverrides(cfg *Config) { }{ {"ANTHROPIC", &cfg.Providers.Anthropic.APIKey, &cfg.Providers.Anthropic.APIBase}, {"OPENAI", &cfg.Providers.OpenAI.APIKey, &cfg.Providers.OpenAI.APIBase}, + {"LITELLM", &cfg.Providers.LiteLLM.APIKey, &cfg.Providers.LiteLLM.APIBase}, {"OPENROUTER", &cfg.Providers.OpenRouter.APIKey, &cfg.Providers.OpenRouter.APIBase}, {"GROQ", &cfg.Providers.Groq.APIKey, &cfg.Providers.Groq.APIBase}, {"ZHIPU", &cfg.Providers.Zhipu.APIKey, &cfg.Providers.Zhipu.APIBase}, diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index 9b1be848b..fb11799d4 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -532,13 +532,14 @@ func TestLoadConfig_MalformedDotenv_NonFatal(t *testing.T) { t.Fatalf("WriteFile config: %v", err) } - // Write a malformed .env file (missing value after '=') + // Write a .env file with genuinely malformed content (bare key without '=', + // mixed with a valid line) to verify godotenv.Load errors are non-fatal. envFile := filepath.Join(dir, ".env") - if err := os.WriteFile(envFile, []byte("VALID_KEY=valid_value\n"), 0o600); err != nil { + if err := os.WriteFile(envFile, []byte("THIS_LINE_HAS_NO_EQUALS\nVALID_KEY=valid_value\n"), 0o600); err != nil { t.Fatalf("WriteFile .env: %v", err) } - // LoadConfig should not fail even with unusual .env content + // LoadConfig should not fail even with malformed .env content cfg, err := LoadConfig(configPath) if err != nil { t.Fatalf("LoadConfig() should not fail with .env issues, got error: %v", err)