refactor: dedupe provider usage auth/fetch logic and expand coverage

src/infra/provider-usage.auth.ts

@@ -8,7 +8,7 @@ import {
   resolveApiKeyForProfile,
   resolveAuthProfileOrder,
 } from "../agents/auth-profiles.js";
-import { getCustomProviderApiKey, resolveEnvApiKey } from "../agents/model-auth.js";
+import { getCustomProviderApiKey } from "../agents/model-auth.js";
 import { normalizeProviderId } from "../agents/model-selection.js";
 import { loadConfig } from "../config/config.js";
 import { normalizeSecretInput } from "../utils/normalize-secret-input.js";
@@ -21,9 +21,6 @@ export type ProviderAuth = {
 };
 
 function parseGoogleToken(apiKey: string): { token: string } | null {
-  if (!apiKey) {
-    return null;
-  }
   try {
     const parsed = JSON.parse(apiKey) as { token?: unknown };
     if (parsed && typeof parsed.token === "string") {
@@ -42,11 +39,6 @@ function resolveZaiApiKey(): string | undefined {
     return envDirect;
   }
 
-  const envResolved = resolveEnvApiKey("zai");
-  if (envResolved?.apiKey) {
-    return envResolved.apiKey;
-  }
-
   const cfg = loadConfig();
   const key = getCustomProviderApiKey(cfg, "zai") || getCustomProviderApiKey(cfg, "z-ai");
   if (key) {
@@ -103,11 +95,6 @@ function resolveProviderApiKeyFromConfigAndStore(params: {
     return envDirect;
   }
 
-  const envResolved = resolveEnvApiKey(params.providerId);
-  if (envResolved?.apiKey) {
-    return envResolved.apiKey;
-  }
-
   const cfg = loadConfig();
   const key = getCustomProviderApiKey(cfg, params.providerId);
   if (key) {
@@ -115,21 +102,23 @@ function resolveProviderApiKeyFromConfigAndStore(params: {
   }
 
   const store = ensureAuthProfileStore();
-  const apiProfile = listProfilesForProvider(store, params.providerId).find((id) => {
-    const cred = store.profiles[id];
-    return cred?.type === "api_key" || cred?.type === "token";
-  });
-  if (!apiProfile) {
+  const cred = listProfilesForProvider(store, params.providerId)
+    .map((id) => store.profiles[id])
+    .find(
+      (
+        profile,
+      ): profile is
+        | { type: "api_key"; provider: string; key: string }
+        | { type: "token"; provider: string; token: string } =>
+        profile?.type === "api_key" || profile?.type === "token",
+    );
+  if (!cred) {
     return undefined;
   }
-  const cred = store.profiles[apiProfile];
-  if (cred?.type === "api_key") {
+  if (cred.type === "api_key") {
     return normalizeSecretInput(cred.key);
   }
-  if (cred?.type === "token") {
-    return normalizeSecretInput(cred.token);
-  }
-  return undefined;
+  return normalizeSecretInput(cred.token);
 }
 
 async function resolveOAuthToken(params: {
@@ -161,22 +150,21 @@ async function resolveOAuthToken(params: {
         profileId,
         agentDir: params.agentDir,
       });
-      if (!resolved?.apiKey) {
-        continue;
+      if (resolved) {
+        let token = resolved.apiKey;
+        if (params.provider === "google-gemini-cli" || params.provider === "google-antigravity") {
+          const parsed = parseGoogleToken(resolved.apiKey);
+          token = parsed?.token ?? resolved.apiKey;
+        }
+        return {
+          provider: params.provider,
+          token,
+          accountId:
+            cred.type === "oauth" && "accountId" in cred
+              ? (cred as { accountId?: string }).accountId
+              : undefined,
+        };
       }
-      let token = resolved.apiKey;
-      if (params.provider === "google-gemini-cli" || params.provider === "google-antigravity") {
-        const parsed = parseGoogleToken(resolved.apiKey);
-        token = parsed?.token ?? resolved.apiKey;
-      }
-      return {
-        provider: params.provider,
-        token,
-        accountId:
-          cred.type === "oauth" && "accountId" in cred
-            ? (cred as { accountId?: string }).accountId
-            : undefined,
-      };
     } catch {
       // ignore
     }