fix: runtime oauth issues

core/framework/agents/credential_tester/agent.py

@@ -94,7 +94,7 @@ def _list_aden_accounts() -> list[dict]:
 
         client = AdenCredentialClient(
             AdenClientConfig(
-                base_url=os.environ.get("ADEN_API_URL", "https://api.adenhq.com"),
+                base_url=os.environ.get("ADEN_API_URL", "https://app.open-hive.com"),
             )
         )
         try:

core/framework/credentials/aden/provider.py

@@ -289,6 +289,24 @@ class AdenSyncProvider(CredentialProvider):
         """
         synced = 0
 
+        # Echo where we're talking and which key prefix we're using so a
+        # 401 can be diagnosed without enabling httpx debug logs. The key
+        # prefix is the safest discriminator: if the desktop minted a key
+        # against backend X but the runtime is hitting backend Y, the
+        # prefix in the log won't match the one the user finds in their
+        # ``hive_auth.bin`` (or in the dashboard's Keys panel).
+        cfg = self._client.config
+        api_key = cfg.api_key or ""
+        key_summary = (
+            f"{api_key[:8]}…{api_key[-4:]}" if len(api_key) >= 12 else "<short>"
+        )
+        logger.info(
+            "AdenSync: GET %s/v1/credentials key=%s len=%d",
+            cfg.base_url.rstrip("/"),
+            key_summary,
+            len(api_key),
+        )
+
         try:
             integrations = self._client.list_integrations()
 

core/framework/credentials/store.py

@@ -714,7 +714,7 @@ class CredentialStore:
     @classmethod
     def with_aden_sync(
         cls,
-        base_url: str = "https://api.adenhq.com",
+        base_url: str | None = None,
         cache_ttl_seconds: int = 300,
         local_path: str | None = None,
         auto_sync: bool = True,
@@ -762,6 +762,14 @@ class CredentialStore:
             logger.info("ADEN_API_KEY not set, using local-only credential storage")
             return cls(storage=local_storage, **kwargs)
 
+        # Honor ADEN_API_URL when no explicit base_url was passed. The
+        # legacy default (https://api.adenhq.com) was a stale brand
+        # alias; the new canonical host is app.open-hive.com (matches
+        # cloud-deployed hive-backend) but local dev typically points
+        # at http://localhost:8889 via this env var.
+        if base_url is None:
+            base_url = os.environ.get("ADEN_API_URL", "https://app.open-hive.com")
+
         # Try to setup Aden sync
         try:
             from .aden import (

core/framework/tools/queen_lifecycle_tools.py

@@ -2328,7 +2328,7 @@ def register_queen_lifecycle_tools(
             "create_colony. Existing siblings are preserved. Pass only "
             "the fields you want to change."
         ),
-        input_schema={
+        parameters={
             "type": "object",
             "properties": {
                 "colony_name": {"type": "string"},

tools/src/aden_tools/credentials/store_adapter.py

@@ -642,7 +642,7 @@ class CredentialStoreAdapter:
                 # Use 5-second timeout to avoid blocking on slow/failed requests
                 client = AdenCredentialClient(
                     AdenClientConfig(
-                        base_url=os.environ.get("ADEN_API_URL", "https://api.adenhq.com"),
+                        base_url=os.environ.get("ADEN_API_URL", "https://app.open-hive.com"),
                         timeout=5.0,
                     )
                 )