Provider and Auth Errors
This page covers credential and provider-compatibility failures. Each entry is a problem, its cause, and the fix. For general CLI issues see Wayland Core Troubleshooting.
The engine reads credentials in a fixed order
Section titled “The engine reads credentials in a fixed order”A flag overrides the environment, which overrides the config file. When a key seems wrong, check all three so a stale value in one is not masking the right value in another. The relevant flags are --provider, --api-key, --base-url, and --model, with matching environment variables PROVIDER, API_KEY, BASE_URL, and MODEL (plus provider-specific ones like ANTHROPIC_API_KEY and OPENAI_API_KEY).
Invalid API key
Section titled “Invalid API key”Problem: an API error such as API error 401.
Cause: a wrong, expired, or revoked key.
Fix: verify the key is correct and active with the provider. Rotate it if you are unsure. If you keep the key in the config file, confirm you are editing the file the engine actually loads: wayland-core --config-path prints its location.
Profile not found
Section titled “Profile not found”Problem:
Profile 'xxx' not found in configCause: --profile xxx names a profile that is not defined.
Fix: define [profiles.xxx] in the config, or correct the name. Profiles can inherit with extends, so a typo in the parent name surfaces here too. See Profiles.
Anthropic OAuth instead of a key
Section titled “Anthropic OAuth instead of a key”If you do not want to paste a key for Anthropic, sign in with your Claude account:
wayland-core --login # prints a URL and code; authorize in the browserwayland-core --logout # clears saved credentialsCredentials are saved alongside the global config and auto-refresh on later runs. If login appears to succeed but requests still fail, log out and back in to write a fresh credential.
Bedrock errors
Section titled “Bedrock errors”Problem: requests to AWS Bedrock fail with a schema or signing error.
Cause: Bedrock signs requests with SigV4 and is stricter about tool schemas than other providers. The engine applies schema sanitization for Bedrock and returns actionable error hints, but missing or misordered credentials still fail.
Fix:
- Confirm credentials resolve. The order is explicit config credentials, then an AWS profile, then the environment variables
AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY, and optionallyAWS_SESSION_TOKEN. - Set the correct
region. Bedrock uses regional endpoints. - Read the error hint the engine prints; it usually names the field that needs attention. See Providers and Auth.
Vertex errors
Section titled “Vertex errors”Problem: Google Vertex AI auth fails.
Cause: the engine resolves Vertex credentials from a service account key file, application default credentials, or the GCP metadata server when running on GCE, GKE, or Cloud Run.
Fix:
- For local development, run
gcloud auth application-default login, or pointcredentials_fileat a service account JSON. - Set
project_idandregion. - On a GCP host, the metadata server is detected automatically; if detection fails, fall back to an explicit credentials file.
OpenAI-compatible backend behaves oddly
Section titled “OpenAI-compatible backend behaves oddly”Problem: a DeepSeek, Ollama, vLLM, or other OpenAI-compatible endpoint returns malformed-looking errors, drops tool calls, or rejects the request shape.
Cause: these backends differ from OpenAI in small ways. Wayland handles this with a configuration-driven ProviderCompat layer rather than hardcoded conditionals, but a misconfigured alias can still send the wrong shape.
Fix: define the backend as a provider alias pointing at the openai base, and adjust the compat fields for its quirks, for example max_tokens_field, merge_assistant_messages, ensure_alternation, or strip_patterns for models that emit <think> tags. See the Config File Reference for every compat field.