7e4d1ffc29
admin_save_config silently accepted enabled=True for any provider even when no api_key was configured (neither in the request body, nor already stored, nor available in the provider's env var). Result: /api/admin/config returned 200, the provider was marked enabled in UI and config, then every actual query to that provider 401'd at call time with an opaque error. The fix: when the incoming patch sets enabled=True, compute the effective key (request body preferred, falling back to stored config, falling back to the provider's env var via get_api_key()) and reject with 400 if the effective key is empty. Keeps all existing behavior for disabled providers and for updates that don't touch enabled. Surfaced by lakehouse scrum-master pipeline run 2026-04-24 (finding F5).