Skip to content

fix(proxy): fall back to cloud-cache provider catalog when local registry misses#32

Merged
thomas-supervisor merged 1 commit intomainfrom
fix-cloud-provider-catalog
May 5, 2026
Merged

fix(proxy): fall back to cloud-cache provider catalog when local registry misses#32
thomas-supervisor merged 1 commit intomainfrom
fix-cloud-provider-catalog

Conversation

@thomas-supervisor
Copy link
Copy Markdown
Collaborator

@thomas-supervisor thomas-supervisor commented May 5, 2026

Closes the gap surfaced by the M2 E2E walkthrough.

The problem

User flow:

  1. `POST /v1/providers` on thomas-cloud → "xiangxin" registered with originBaseUrl etc.
  2. `PUT /v1/agents/bindings/claude-code` → static binding to `xiangxin/...`
  3. Local: `thomas cloud login && thomas cloud sync` → cache populated with both binding AND provider metadata
  4. Send a request → proxy returns "Unknown provider xiangxin" ← the bug

Cause: `attempt()` resolved providers via `getProvider()`, which only consults builtins + `~/.thomas/providers.json`. The cloud cache's `providers[]` was data the proxy never read. So users had to double-register every cloud provider locally to make routing work — defeating the "cloud下发了模型配置给local" goal.

The fix

Local-first, cloud-as-fallback:

```
attempt()

  1. getProvider(id) ← builtins + ~/.thomas/providers.json (unchanged)
  2. loadProviderFromCloudCache(id) ← reads ~/.thomas/cloud-cache.json (new)
  3. neither → 503 unknown_provider
    ```

`src/cloud/providers.ts` is a pure cache reader: returns a `ProviderSpec` from the snapshot, or `undefined` if the provider isn't there / has unknown protocol / has no `originBaseUrl`.

Privacy boundary unchanged

Credentials NEVER come from cloud. `findCredential()` still reads only `~/.thomas/credentials.json`. If the user binds an agent to a cloud provider without a local key, they still get a 503 — but the message now mentions the provider came from cloud and points at the exact `thomas providers add` command (legacy was just "Unknown provider", a dead end).

Why local-first ordering

Explicit `thomas providers register` should win over a cloud snapshot — the user's machine remains authoritative for any provider they've explicitly locked in. The 3rd test case verifies this.

Tests

`tests/cloud-provider-fallback.test.ts` — 3 fake-server cases:

scenario result
cloud-only provider, local key present 200; upstream sees the local key
cloud-only provider, NO local key 502; body has clearer remediation pointing at `thomas providers add `
same id in cloud + local local wins (cloud upstream untouched)

266 / 266 tests pass, build 187 KB.

End-to-end implication

After this lands, the M2 happy path (which I walked through manually earlier today) would have just worked without the workaround:

```sh

(cloud) configure provider + binding

curl -X POST .../v1/providers ...
curl -X PUT .../v1/agents/bindings/claude-code ...

(local) login + sync + (only) add the credential

thomas cloud login --base-url http://...
thomas cloud sync
thomas providers add xiangxin ← only this remains; no register needed

go

claude "..." # routes through proxy → translates anthropic→openai → xiangxinai → translates back
```

🤖 Generated with Claude Code

@claude
feat(proxy): fall back to cloud-cache provider catalog when getProvid…
012a806 
…er misses

Closes the gap surfaced by the M2 E2E walkthrough: when a user configured a
provider on thomas-cloud but hadn't run \`thomas providers register <id>\`
locally, the proxy returned "Unknown provider" even though the cloud
snapshot fully described how to reach it. Result: the user had to register
the same provider in two places.

Now the lookup is local-first, cloud-as-fallback:

  attempt()
    1. getProvider(id)              ← builtins + ~/.thomas/providers.json (existing)
    2. loadProviderFromCloudCache(id) ← reads cloud-cache.providers (new)
    3. neither → 503 unknown_provider

Privacy boundary unchanged: this is metadata only (originBaseUrl, protocol).
**Credentials NEVER come from cloud** — they always live in
~/.thomas/credentials.json. If the user binds an agent to a cloud provider
without a local key, they still get 503 "no credentials for X" — but with
a clear remediation pointing at \`thomas providers add <id> <key>\` and
noting the provider came from cloud (not the legacy "unknown provider"
message that was effectively a dead end).

Local-first ordering means an explicit \`thomas providers register\` still
wins over a cloud snapshot of the same id — the user's machine remains
authoritative for endpoints they care to lock in.

Adds:
  src/cloud/providers.ts       loadProviderFromCloudCache()
  tests/cloud-provider-fallback.test.ts
    - cloud-only provider with local key       → 200, request goes through
    - cloud-only provider without local key    → 502, "delivered from cloud"
                                                  hint includes \`thomas
                                                  providers add\` command
    - same id in both stores                   → local wins (cloud not hit)

266/266 tests pass; build 187 KB.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@thomas-supervisor thomas-supervisor merged commit 29766f7 into main May 5, 2026
4 checks passed
@thomas-supervisor thomas-supervisor deleted the fix-cloud-provider-catalog branch May 5, 2026 13:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thomas-supervisor