Providers
Omegon treats provider authentication as a runtime boundary, not just a login convenience. The active provider affects routing, allowed entry points, quota semantics, and what the operator sees in the engine footer.
Current provider auth modes
| Provider / mode | Configure | Allowed | Restrictions |
|---|---|---|---|
| Anthropic/Claude API key | omegon secret set ANTHROPIC_API_KEY --stdin | All Omegon entry points, including TUI, prompts, smoke, and cleave. | Subject to Anthropic API terms, quota, and model limits. |
| Anthropic/Claude OAuth / subscription | omegon auth login anthropic or /login anthropic | Interactive TUI sessions; headless Anthropic runs with an explicit operator-risk warning. |
Omegon does not treat subscription OAuth as equivalent to an API key.
If you want policy-clean prompts, smoke tests, cleave, or unattended automation, use
ANTHROPIC_API_KEY instead.
|
| OpenAI API | omegon secret set OPENAI_API_KEY --stdin | All supported Omegon entry points. | Subject to OpenAI billing, quota, and model limits. |
| OpenAI/Codex OAuth | omegon auth login openai-codex or /login openai-codex | Supported Codex-backed Omegon flows, including interactive work and supported automation. |
The engine footer may show a selected model such as gpt-5.4 while the limit row
shows an upstream bucket name such as GPT-5.3-Codex-Spark. That limit row is provider
telemetry, not a second model selector.
|
| Ollama (Local) | export OLLAMA_HOST="http://127.0.0.1:11434" | All supported local-model workflows. | Local inference only; no external account auth. |
| Ollama Cloud | omegon auth login ollama-cloud, /login ollama-cloud, or /secrets set OLLAMA_API_KEY | All supported hosted-Ollama workflows. | Separate hosted provider from local Ollama. Uses OLLAMA_API_KEY against Ollama's cloud API. |
| OpenAI-compatible API key providers | /login openrouter, /login groq, /login xai, /login mistral, /login cerebras, /login opencode-go, or /login perplexity | All supported key-backed workflows. | Each provider has its own billing, quota, model catalog, and upstream error semantics. |
| Google Gemini | /login google or GOOGLE_API_KEY / GEMINI_API_KEY | All supported key-backed workflows. | Gemini models through Google's public API surface. |
| Google Antigravity | /login google-antigravity | Interactive and supported OAuth-backed workflows. | Gemini models through the Antigravity OAuth route. Distinct from the API-key Gemini provider. |
| GitHub Models (coming soon) | Official PAT configuration will be documented when the integration ships. | Planned support. | Not available yet. |
| Copilot seat (coming soon) | Seat-based auth will be documented when the integration ships. | Planned support. | Not available yet. |
Runtime identity honesty
Omegon now keeps provider identity explicit in operator-facing surfaces:
- Anthropic/Claude means Anthropic-backed execution
- OpenAI API means API-key execution against OpenAI's API surfaces
- OpenAI/Codex means the ChatGPT/Codex OAuth-backed route
- OpenRouter, Groq, xAI, Mistral AI, Cerebras, OpenCode Go, and Perplexity AI are independent OpenAI-compatible providers with their own credentials and limits
- Google Gemini means API-key execution against Google's Gemini API
- Google Antigravity means OAuth-backed Gemini execution through the Antigravity route
- Ollama (Local) means on-device inference against your local daemon
- Ollama Cloud means the hosted Ollama API route, authenticated separately from local Ollama
The footer's model row shows the selected runtime model. The limit row,
when present, shows upstream provider quota telemetry. Those are intentionally different fields.
Anthropic subscription boundary
Anthropic/Claude subscription auth is the one credential class with an explicit operator-risk boundary.
Interactive TUI use is allowed. Headless Anthropic paths warn and proceed rather than silently switching
providers or pretending subscription OAuth has API-key automation semantics.
The consumer terms page is here:
anthropic.com/legal/consumer-terms
Practical guidance
- If you want to work in the TUI by hand, Anthropic/Claude OAuth is a valid path.
- If you want unattended or scripted automation with clean provider terms, configure
ANTHROPIC_API_KEY. - If you want GPT-family routing without API-key setup, try
omegon auth login openai-codex. - If you want local-only inference, use
Ollama (Local). - If you want hosted Ollama without running a local daemon, use
Ollama Cloud via /login or /secrets. - If you want predictable automation with commercial API terms, prefer API-key-backed providers.
How this fits the rest of Omegon
The provider layer feeds the TUI, slash commands, smoke paths, and cleave orchestration. That means
auth mode affects not just model access, but which entry points Omegon can honestly and safely expose.