omp v16.1.16 hardcodes the built-in zai provider to
https://api.z.ai/api/anthropic (Anthropic-compatible endpoint) which
requires 'x-api-key' header. omp only sends 'Authorization: Bearer', so
the built-in zai provider always returns 401 on real Z.ai API keys.
The OpenAI-compatible endpoint https://api.z.ai/api/coding/paas/v4
accepts Authorization: Bearer and works fine. The user's existing
~/.omp/agent/models.yml defines a custom 'zai-coding' provider pointed at
this endpoint, but the apiKey field was set to 'ZAI_CODING_API_KEY' which
omp treats as a literal string (not an env var reference), so the request
was 'Authorization: Bearer ZAI_CODING_API_KEY' which 401s.
Fix: include the literal zai API key in the apiKey field. This is
identical to the existing encrypted zai.key secret (same key, decrypted
on apply). The encrypted file is in chezmoi so it stays encrypted at rest
and chmod 644 on disk — same perms as the existing zai.key.
Verified manually on byte before commit:
omp --print --model zai-coding/glm-5.2:xhigh 'hi'
→ 'Hi! What can I help you with today?'
(was: '401 token expired or incorrect')
After applying this commit on all boxes:
omp --print --model zai-coding/glm-5.2:xhigh 'hi'
should work everywhere.
