fix: sync fixes from desktop

core/framework/config.py

@@ -14,11 +14,30 @@ from typing import Any
 
 DEFAULT_MAX_TOKENS = 8192
 
+# ---------------------------------------------------------------------------
+# Desktop mode — set by Electron shell to skip frontend builds, etc.
+# ---------------------------------------------------------------------------
+DESKTOP_MODE: bool = bool(os.environ.get("HIVE_DESKTOP_MODE"))
+
 # ---------------------------------------------------------------------------
 # Hive home directory structure
+#
+# The runtime normally stores state in ``~/.hive/``. When the runtime is
+# spawned by the Electron desktop shell, the shell passes ``HIVE_HOME`` as
+# an env var pointing at the platform-native userData directory (e.g.
+# ``~/Library/Application Support/Hive/`` on macOS), so the desktop app
+# does NOT share state with an OSS ``hive`` install on the same machine.
 # ---------------------------------------------------------------------------
 
-HIVE_HOME = Path.home() / ".hive"
+
+def _resolve_hive_home() -> Path:
+    override = os.environ.get("HIVE_HOME")
+    if override:
+        return Path(override).expanduser()
+    return Path.home() / ".hive"
+
+
+HIVE_HOME = _resolve_hive_home()
 QUEENS_DIR = HIVE_HOME / "agents" / "queens"
 COLONIES_DIR = HIVE_HOME / "colonies"
 MEMORIES_DIR = HIVE_HOME / "memories"
@@ -56,7 +75,10 @@ HIVE_CONFIG_FILE = HIVE_HOME / "configuration.json"
 
 # Hive LLM router endpoint (Anthropic-compatible).
 # litellm's Anthropic handler appends /v1/messages, so this is just the base host.
-HIVE_LLM_ENDPOINT = "https://api.adenhq.com"
+# Production proxy is `llm.open-hive.com`; the legacy `api.adenhq.com` host is
+# kept only for the Bearer-auth allow-list in litellm.py (some old configs
+# still point at it). New deployments should target the open-hive endpoint.
+HIVE_LLM_ENDPOINT = "https://llm.open-hive.com"
 logger = logging.getLogger(__name__)
 
 

core/framework/llm/model_catalog.json

@@ -481,7 +481,7 @@
       "model": "queen",
       "max_tokens": 32768,
       "max_context_tokens": 180000,
-      "api_base": "https://api.adenhq.com",
+      "api_base": "https://llm.open-hive.com",
       "model_choices": [
         {
           "id": "queen",

scripts/check_llm_key.py

@@ -256,12 +256,30 @@ def check_minimax(api_key: str, api_base: str = "https://api.minimax.io/v1", **_
 
 
 def check_anthropic_compatible(api_key: str, endpoint: str, name: str) -> dict:
-    """POST empty messages to an Anthropic-compatible endpoint to validate key."""
+    """POST empty messages to an Anthropic-compatible endpoint to validate key.
+
+    Sends both ``x-api-key`` (Anthropic native + most clones) and
+    ``Authorization: Bearer`` (hive-llm proxy + other JWT-auth proxies that
+    speak Anthropic's Messages API but reject x-api-key). Servers that
+    only check one header silently ignore the other, so the dual-auth
+    request validates correctly against either backend.
+
+    Status mapping:
+      - 200 / 400 / 429 → key authenticated (request rejected on other grounds)
+      - 401             → invalid key
+      - 403             → key lacks permissions for this endpoint
+      - 5xx             → service-side issue (e.g. hive-llm "no healthy key
+                           for model X" when the validator probes with a
+                           model the user's plan doesn't include); we trust
+                           the key — it got past auth — and surface a
+                           non-fatal warning.
+    """
     with httpx.Client(timeout=TIMEOUT) as client:
         r = client.post(
             endpoint,
             headers={
                 "x-api-key": api_key,
+                "Authorization": f"Bearer {api_key}",
                 "anthropic-version": "2023-06-01",
                 "Content-Type": "application/json",
             },
@@ -273,6 +291,11 @@ def check_anthropic_compatible(api_key: str, endpoint: str, name: str) -> dict:
         return {"valid": False, "message": f"Invalid {name} API key"}
     if r.status_code == 403:
         return {"valid": False, "message": f"{name} API key lacks permissions"}
+    if 500 <= r.status_code < 600:
+        return {
+            "valid": True,
+            "message": f"{name} API returned {r.status_code} (service-side, treating key as valid)",
+        }
     return {"valid": False, "message": f"{name} API returned status {r.status_code}"}