Skip to content

LLMGatewayKeySpec: add explicit Literal field to prevent silent typo bugs #5177

Closed
Closed
LLMGatewayKeySpec: add explicit Literal field to prevent silent typo bugs#5177
Labels
apiItems related to the APIbugSomething isn't workingclientenhancementNew feature or request
@yrobla

Description

@yrobla
yrobla
opened on May 4, 2026

Context

Identified in PR #5142 review by @JAORMX and Copilot.

Problem

llmValueForSpec in pkg/client/llm_gateway.go has a default: case that writes the ValueField string verbatim as a literal value when it doesn't match any known resolver. This is currently used intentionally for gemini-api-key in the Gemini CLI config entry.

The foot-gun: a typo in any known ValueField (e.g. "GatwayURL" instead of "GatewayURL") silently writes the typo as a literal string into the user's settings file — no error, no test catches it.

Additionally, the doc comment on LLMGatewayKeySpec says "Exactly one of ValueField or Literal must be set", but the code does not enforce mutual exclusion (Literal wins if both are set).

Suggested fix

Add an explicit Literal field to LLMGatewayKeySpec:

type LLMGatewayKeySpec struct {
    JSONPointer    string
    ValueField     string // must be empty when Literal is set
    Literal        string // written verbatim; must be empty when ValueField is set
    ClearWhenEmpty bool
}

And validate at startup (or in llmValueForSpec) that exactly one of ValueField/Literal is non-empty. Unknown ValueField values should return an error rather than being silently treated as literals.

The Gemini CLI entry becomes:

{JSONPointer: "/security/auth/selectedType", Literal: "gemini-api-key"},

References

Metadata

Metadata

Assignees

No one assigned

    Labels

    apiItems related to the APIbugSomething isn't workingclientenhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions