diff --git a/src-tauri/src/acp/types.rs b/src-tauri/src/acp/types.rs
index 37609fd..d634428 100644
--- a/src-tauri/src/acp/types.rs
+++ b/src-tauri/src/acp/types.rs
@@ -245,6 +245,7 @@ pub struct AcpAgentInfo {
     pub codex_auth_json: Option<String>,
     pub codex_config_toml: Option<String>,
     pub cline_secrets_json: Option<String>,
+    pub model_provider_id: Option<i32>,
 }
 
 /// Lightweight status info for a single agent, used by connect() pre-check.
diff --git a/src-tauri/src/commands/acp.rs b/src-tauri/src/commands/acp.rs
index 66054a4..fb12817 100644
--- a/src-tauri/src/commands/acp.rs
+++ b/src-tauri/src/commands/acp.rs
@@ -19,6 +19,7 @@ use crate::acp::types::{
 #[cfg(feature = "tauri-runtime")]
 use crate::acp::types::{ConnectionInfo, ForkResultInfo, PromptInputBlock};
 use crate::db::service::agent_setting_service;
+use crate::db::service::model_provider_service;
 use crate::db::AppDatabase;
 use crate::models::agent::AgentType;
 use crate::web::event_bridge::EventEmitter;
@@ -1121,6 +1122,11 @@ pub(crate) fn load_agent_local_config_json(agent_type: AgentType) -> Option<Stri
 fn merge_json_values(base: &mut serde_json::Value, patch: &serde_json::Value) {
     if let (Some(base_obj), Some(patch_obj)) = (base.as_object_mut(), patch.as_object()) {
         for (key, patch_value) in patch_obj {
+            if patch_value.is_null() {
+                // null in patch means "remove this key"
+                base_obj.remove(key);
+                continue;
+            }
             match base_obj.get_mut(key) {
                 Some(base_value) => merge_json_values(base_value, patch_value),
                 None => {
@@ -1539,6 +1545,30 @@ pub(crate) fn build_runtime_env_from_setting(
     merged
 }
 
+/// Resolve model provider credentials into runtime env vars if `model_provider_id` is set.
+pub(crate) async fn apply_model_provider_env(
+    agent_type: AgentType,
+    setting: Option<&crate::db::entities::agent_setting::Model>,
+    runtime_env: &mut BTreeMap<String, String>,
+    conn: &sea_orm::DatabaseConnection,
+) {
+    let provider_id = match setting.and_then(|s| s.model_provider_id) {
+        Some(id) => id,
+        None => return,
+    };
+    let provider = match model_provider_service::get_by_id(conn, provider_id).await {
+        Ok(Some(p)) => p,
+        _ => return,
+    };
+    let (url_key, key_key, _) = important_env_targets(agent_type);
+    if !provider.api_url.trim().is_empty() {
+        runtime_env.insert(url_key.to_string(), provider.api_url.clone());
+    }
+    if !provider.api_key.trim().is_empty() {
+        runtime_env.insert(key_key.to_string(), provider.api_key.clone());
+    }
+}
+
 #[cfg_attr(feature = "tauri-runtime", tauri::command)]
 pub async fn acp_preflight(
     agent_type: AgentType,
@@ -1579,6 +1609,9 @@ pub async fn acp_connect(
     let mut runtime_env =
         build_runtime_env_from_setting(agent_type, setting.as_ref(), local_config_json.as_deref());
 
+    // Resolve model provider credentials if configured.
+    apply_model_provider_env(agent_type, setting.as_ref(), &mut runtime_env, &db.conn).await;
+
     // For OpenClaw: when creating a new conversation (no session_id to resume),
     // signal that we want a fresh transcript via --reset-session.
     if agent_type == AgentType::OpenClaw && session_id.is_none() {
@@ -1859,6 +1892,7 @@ pub(crate) async fn acp_list_agents_core(
             codex_auth_json,
             codex_config_toml,
             cline_secrets_json,
+            model_provider_id: setting.and_then(|m| m.model_provider_id),
         });
     }
 
@@ -1943,7 +1977,11 @@ pub(crate) async fn acp_update_agent_preferences_core(
         }
     }
 
-    let patch = agent_setting_service::AgentSettingsUpdate { enabled, env_json };
+    let patch = agent_setting_service::AgentSettingsUpdate {
+        enabled,
+        env_json,
+        model_provider_id: None,
+    };
     agent_setting_service::update(&db.conn, agent_type, patch)
         .await
         .map_err(|e| AcpError::protocol(e.to_string()))?;
@@ -2018,6 +2056,152 @@ pub async fn acp_update_agent_preferences(
     ).await
 }
 
+pub(crate) async fn acp_update_agent_env_core(
+    agent_type: AgentType,
+    enabled: bool,
+    env: BTreeMap<String, String>,
+    model_provider_id: Option<i32>,
+    db: &AppDatabase,
+    emitter: &EventEmitter,
+) -> Result<(), AcpError> {
+    let default = agent_setting_service::AgentDefaultInput {
+        agent_type,
+        registry_id: registry::registry_id_for(agent_type).to_string(),
+        default_sort_order: i32::MAX / 2,
+    };
+
+    agent_setting_service::ensure_defaults(&db.conn, &[default])
+        .await
+        .map_err(|e| AcpError::protocol(e.to_string()))?;
+
+    let env_json = if env.is_empty() {
+        None
+    } else {
+        Some(serde_json::to_string(&env).map_err(|e| AcpError::protocol(e.to_string()))?)
+    };
+
+    let patch = agent_setting_service::AgentSettingsUpdate {
+        enabled,
+        env_json,
+        model_provider_id,
+    };
+    agent_setting_service::update(&db.conn, agent_type, patch)
+        .await
+        .map_err(|e| AcpError::protocol(e.to_string()))?;
+
+    emit_acp_agents_updated(emitter, "env_updated", Some(agent_type));
+    Ok(())
+}
+
+#[cfg(feature = "tauri-runtime")]
+#[cfg_attr(feature = "tauri-runtime", tauri::command)]
+pub async fn acp_update_agent_env(
+    agent_type: AgentType,
+    enabled: bool,
+    env: BTreeMap<String, String>,
+    model_provider_id: Option<i32>,
+    db: State<'_, AppDatabase>,
+    app: tauri::AppHandle,
+) -> Result<(), AcpError> {
+    let emitter = EventEmitter::Tauri(app);
+    acp_update_agent_env_core(agent_type, enabled, env, model_provider_id, &db, &emitter).await
+}
+
+#[allow(clippy::too_many_arguments)]
+pub(crate) async fn acp_update_agent_config_core(
+    agent_type: AgentType,
+    config_json: Option<String>,
+    opencode_auth_json: Option<String>,
+    codex_auth_json: Option<String>,
+    codex_config_toml: Option<String>,
+    emitter: &EventEmitter,
+) -> Result<(), AcpError> {
+    let config_json = config_json.and_then(|raw| {
+        let trimmed = raw.trim();
+        if trimmed.is_empty() {
+            None
+        } else {
+            Some(trimmed.to_string())
+        }
+    });
+    let opencode_auth_json = opencode_auth_json.and_then(|raw| {
+        let trimmed = raw.trim();
+        if trimmed.is_empty() {
+            None
+        } else {
+            Some(trimmed.to_string())
+        }
+    });
+    if let Some(raw) = config_json.as_deref() {
+        let parsed = serde_json::from_str::<serde_json::Value>(raw)
+            .map_err(|e| AcpError::protocol(format!("invalid config_json: {e}")))?;
+        if !parsed.is_object() {
+            return Err(AcpError::protocol(
+                "invalid config_json: root must be a JSON object",
+            ));
+        }
+    }
+
+    if agent_type == AgentType::Codex {
+        if codex_auth_json.is_some() || codex_config_toml.is_some() {
+            persist_codex_native_config_files(
+                codex_auth_json.as_deref(),
+                codex_config_toml.as_deref(),
+            )?;
+        }
+        emit_acp_agents_updated(emitter, "config_updated", Some(agent_type));
+        return Ok(());
+    }
+
+    if agent_type == AgentType::OpenCode {
+        if let Some(raw_auth) = opencode_auth_json.as_deref() {
+            persist_opencode_auth_json(raw_auth)?;
+        }
+        if let Some(raw) = config_json.as_deref() {
+            persist_agent_local_config_json(agent_type, Some(raw))?;
+        }
+        emit_acp_agents_updated(emitter, "config_updated", Some(agent_type));
+        return Ok(());
+    }
+
+    if agent_type == AgentType::Cline {
+        if let Some(raw) = config_json.as_deref() {
+            persist_cline_local_config(Some(raw))?;
+        }
+        emit_acp_agents_updated(emitter, "config_updated", Some(agent_type));
+        return Ok(());
+    }
+
+    // Claude Code, Gemini, OpenClaw — write config JSON to local file without merging env
+    let local_patch_value = config_json
+        .as_deref()
+        .and_then(|raw| serde_json::from_str::<serde_json::Value>(raw).ok())
+        .filter(|value| value.is_object())
+        .unwrap_or_else(|| serde_json::json!({}));
+    let local_patch_json = serde_json::to_string(&local_patch_value)
+        .map_err(|e| AcpError::protocol(format!("serialize local patch failed: {e}")))?;
+    persist_agent_local_config_json(agent_type, Some(local_patch_json.as_str()))?;
+    emit_acp_agents_updated(emitter, "config_updated", Some(agent_type));
+    Ok(())
+}
+
+#[cfg(feature = "tauri-runtime")]
+#[cfg_attr(feature = "tauri-runtime", tauri::command)]
+pub async fn acp_update_agent_config(
+    agent_type: AgentType,
+    config_json: Option<String>,
+    opencode_auth_json: Option<String>,
+    codex_auth_json: Option<String>,
+    codex_config_toml: Option<String>,
+    app: tauri::AppHandle,
+) -> Result<(), AcpError> {
+    let emitter = EventEmitter::Tauri(app);
+    acp_update_agent_config_core(
+        agent_type, config_json, opencode_auth_json, codex_auth_json, codex_config_toml, &emitter,
+    )
+    .await
+}
+
 pub(crate) async fn acp_download_agent_binary_core(
     agent_type: AgentType,
     emitter: &EventEmitter,
diff --git a/src-tauri/src/commands/model_provider.rs b/src-tauri/src/commands/model_provider.rs
index 2e5afa8..d47b070 100644
--- a/src-tauri/src/commands/model_provider.rs
+++ b/src-tauri/src/commands/model_provider.rs
@@ -1,5 +1,5 @@
 use crate::app_error::AppCommandError;
-use crate::db::service::model_provider_service;
+use crate::db::service::{agent_setting_service, model_provider_service};
 use crate::db::AppDatabase;
 use crate::models::agent::AgentType;
 use crate::models::model_provider::ModelProviderInfo;
@@ -118,6 +118,10 @@ pub async fn delete_model_provider_core(
     db: &AppDatabase,
     id: i32,
 ) -> Result<(), AppCommandError> {
+    // Clear any agent settings that reference this provider before deleting.
+    agent_setting_service::clear_model_provider_id(&db.conn, id)
+        .await
+        .map_err(AppCommandError::from)?;
     model_provider_service::delete(&db.conn, id)
         .await
         .map_err(AppCommandError::from)?;
diff --git a/src-tauri/src/db/entities/agent_setting.rs b/src-tauri/src/db/entities/agent_setting.rs
index ee2fc6d..6211911 100644
--- a/src-tauri/src/db/entities/agent_setting.rs
+++ b/src-tauri/src/db/entities/agent_setting.rs
@@ -11,6 +11,7 @@ pub struct Model {
     pub sort_order: i32,
     pub installed_version: Option<String>,
     pub env_json: Option<String>,
+    pub model_provider_id: Option<i32>,
     pub created_at: DateTimeUtc,
     pub updated_at: DateTimeUtc,
 }
diff --git a/src-tauri/src/db/migration/m20260406_000001_agent_setting_model_provider.rs b/src-tauri/src/db/migration/m20260406_000001_agent_setting_model_provider.rs
new file mode 100644
index 0000000..064d814
--- /dev/null
+++ b/src-tauri/src/db/migration/m20260406_000001_agent_setting_model_provider.rs
@@ -0,0 +1,35 @@
+use sea_orm_migration::prelude::*;
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(AgentSetting::Table)
+                    .add_column(ColumnDef::new(AgentSetting::ModelProviderId).integer().null())
+                    .to_owned(),
+            )
+            .await
+    }
+
+    async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(AgentSetting::Table)
+                    .drop_column(AgentSetting::ModelProviderId)
+                    .to_owned(),
+            )
+            .await
+    }
+}
+
+#[derive(DeriveIden)]
+enum AgentSetting {
+    Table,
+    ModelProviderId,
+}
diff --git a/src-tauri/src/db/migration/mod.rs b/src-tauri/src/db/migration/mod.rs
index babc372..8698cbe 100644
--- a/src-tauri/src/db/migration/mod.rs
+++ b/src-tauri/src/db/migration/mod.rs
@@ -8,6 +8,7 @@ mod m20260227_000001_folder_parent_branch;
 mod m20260330_000001_chat_channel;
 mod m20260401_000001_chat_channel_sender_context;
 mod m20260404_000001_model_provider;
+mod m20260406_000001_agent_setting_model_provider;
 pub struct Migrator;
 
 #[async_trait::async_trait]
@@ -22,6 +23,7 @@ impl MigratorTrait for Migrator {
             Box::new(m20260330_000001_chat_channel::Migration),
             Box::new(m20260401_000001_chat_channel_sender_context::Migration),
             Box::new(m20260404_000001_model_provider::Migration),
+            Box::new(m20260406_000001_agent_setting_model_provider::Migration),
         ]
     }
 }
diff --git a/src-tauri/src/db/service/agent_setting_service.rs b/src-tauri/src/db/service/agent_setting_service.rs
index 59235d6..777f8a5 100644
--- a/src-tauri/src/db/service/agent_setting_service.rs
+++ b/src-tauri/src/db/service/agent_setting_service.rs
@@ -22,6 +22,7 @@ pub struct AgentDefaultInput {
 pub struct AgentSettingsUpdate {
     pub enabled: bool,
     pub env_json: Option<String>,
+    pub model_provider_id: Option<i32>,
 }
 
 fn default_enabled(agent_type: AgentType) -> bool {
@@ -67,6 +68,7 @@ pub async fn ensure_defaults(
             sort_order: Set(default.default_sort_order),
             installed_version: Set(None),
             env_json: Set(None),
+            model_provider_id: Set(None),
             created_at: Set(now),
             updated_at: Set(now),
         };
@@ -133,6 +135,7 @@ pub async fn update(
     let mut active = model.into_active_model();
     active.enabled = Set(patch.enabled);
     active.env_json = Set(patch.env_json);
+    active.model_provider_id = Set(patch.model_provider_id);
     active.updated_at = Set(Utc::now());
     active.update(conn).await?;
     Ok(())
@@ -202,6 +205,25 @@ async fn reorder_once(conn: &DatabaseConnection, agent_types: &[AgentType]) -> R
     Ok(())
 }
 
+pub async fn clear_model_provider_id(
+    conn: &DatabaseConnection,
+    model_provider_id: i32,
+) -> Result<(), DbError> {
+    let rows = agent_setting::Entity::find()
+        .all(conn)
+        .await?;
+    let now = Utc::now();
+    for row in rows {
+        if row.model_provider_id == Some(model_provider_id) {
+            let mut active = row.into_active_model();
+            active.model_provider_id = Set(None);
+            active.updated_at = Set(now);
+            active.update(conn).await?;
+        }
+    }
+    Ok(())
+}
+
 fn is_sqlite_full_error(err: &DbError) -> bool {
     let message = err.to_string();
     message.contains("database or disk is full") || message.contains("(code: 13)")
diff --git a/src-tauri/src/lib.rs b/src-tauri/src/lib.rs
index 5e47784..35d3c98 100644
--- a/src-tauri/src/lib.rs
+++ b/src-tauri/src/lib.rs
@@ -347,6 +347,8 @@ mod tauri_app {
                 acp_commands::acp_prepare_npx_agent,
                 acp_commands::acp_uninstall_agent,
                 acp_commands::acp_update_agent_preferences,
+                acp_commands::acp_update_agent_env,
+                acp_commands::acp_update_agent_config,
                 acp_commands::acp_reorder_agents,
                 acp_commands::acp_list_agent_skills,
                 acp_commands::acp_read_agent_skill,
diff --git a/src-tauri/src/models/model_provider.rs b/src-tauri/src/models/model_provider.rs
index a4027eb..fe208f6 100644
--- a/src-tauri/src/models/model_provider.rs
+++ b/src-tauri/src/models/model_provider.rs
@@ -5,6 +5,7 @@ pub struct ModelProviderInfo {
     pub id: i32,
     pub name: String,
     pub api_url: String,
+    pub api_key: String,
     pub api_key_masked: String,
     pub agent_types: Vec<String>,
     pub created_at: String,
@@ -33,6 +34,7 @@ impl From<crate::db::entities::model_provider::Model> for ModelProviderInfo {
             id: m.id,
             name: m.name,
             api_url: m.api_url,
+            api_key: m.api_key.clone(),
             api_key_masked: mask_api_key(&m.api_key),
             agent_types,
             created_at: m.created_at.to_rfc3339(),
diff --git a/src-tauri/src/web/handlers/acp.rs b/src-tauri/src/web/handlers/acp.rs
index c917e06..1084020 100644
--- a/src-tauri/src/web/handlers/acp.rs
+++ b/src-tauri/src/web/handlers/acp.rs
@@ -80,6 +80,15 @@ pub async fn acp_connect(
         local_config_json.as_deref(),
     );
 
+    // Resolve model provider credentials if configured.
+    acp_commands::apply_model_provider_env(
+        params.agent_type,
+        setting.as_ref(),
+        &mut runtime_env,
+        &db.conn,
+    )
+    .await;
+
     if params.agent_type == AgentType::OpenClaw && params.session_id.is_none() {
         runtime_env.insert("OPENCLAW_RESET_SESSION".into(), "1".into());
     }
@@ -398,6 +407,62 @@ pub async fn acp_update_agent_preferences(
     Ok(Json(()))
 }
 
+#[derive(Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct AcpUpdateAgentEnvParams {
+    pub agent_type: AgentType,
+    pub enabled: bool,
+    pub env: BTreeMap<String, String>,
+    pub model_provider_id: Option<i32>,
+}
+
+pub async fn acp_update_agent_env(
+    Extension(state): Extension<Arc<AppState>>,
+    Json(params): Json<AcpUpdateAgentEnvParams>,
+) -> Result<Json<()>, AppCommandError> {
+    let db = &state.db;
+    let emitter = state.emitter.clone();
+    acp_commands::acp_update_agent_env_core(
+        params.agent_type,
+        params.enabled,
+        params.env,
+        params.model_provider_id,
+        db,
+        &emitter,
+    )
+    .await
+    .map_err(|e| AppCommandError::task_execution_failed(e.to_string()))?;
+    Ok(Json(()))
+}
+
+#[derive(Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct AcpUpdateAgentConfigParams {
+    pub agent_type: AgentType,
+    pub config_json: Option<String>,
+    pub opencode_auth_json: Option<String>,
+    pub codex_auth_json: Option<String>,
+    pub codex_config_toml: Option<String>,
+}
+
+pub async fn acp_update_agent_config(
+    Extension(state): Extension<Arc<AppState>>,
+    Json(params): Json<AcpUpdateAgentConfigParams>,
+) -> Result<Json<()>, AppCommandError> {
+    let emitter = state.emitter.clone();
+    acp_commands::acp_update_agent_config_core(
+        params.agent_type,
+        params.config_json,
+        params.opencode_auth_json,
+        params.codex_auth_json,
+        params.codex_config_toml,
+        &emitter,
+    )
+    .await
+    .map_err(|e| AppCommandError::task_execution_failed(e.to_string()))?;
+    Ok(Json(()))
+}
+
 pub async fn acp_download_agent_binary(
     Extension(state): Extension<Arc<AppState>>,
     Json(params): Json<AgentTypeParams>,
diff --git a/src-tauri/src/web/router.rs b/src-tauri/src/web/router.rs
index 5f111bc..89f2d67 100644
--- a/src-tauri/src/web/router.rs
+++ b/src-tauri/src/web/router.rs
@@ -164,6 +164,8 @@ pub fn build_router(state: Arc<AppState>, token: String, static_dir: std::path::
         .route("/acp_list_connections", post(handlers::acp::acp_list_connections))
         .route("/acp_clear_binary_cache", post(handlers::acp::acp_clear_binary_cache))
         .route("/acp_update_agent_preferences", post(handlers::acp::acp_update_agent_preferences))
+        .route("/acp_update_agent_env", post(handlers::acp::acp_update_agent_env))
+        .route("/acp_update_agent_config", post(handlers::acp::acp_update_agent_config))
         .route("/acp_download_agent_binary", post(handlers::acp::acp_download_agent_binary))
         .route("/acp_detect_agent_local_version", post(handlers::acp::acp_detect_agent_local_version))
         .route("/acp_prepare_npx_agent", post(handlers::acp::acp_prepare_npx_agent))
diff --git a/src/components/settings/acp-agent-settings.tsx b/src/components/settings/acp-agent-settings.tsx
index 8ec2086..a84e638 100644
--- a/src/components/settings/acp-agent-settings.tsx
+++ b/src/components/settings/acp-agent-settings.tsx
@@ -63,13 +63,16 @@ import {
   acpPrepareNpxAgent,
   acpReorderAgents,
   acpUninstallAgent,
-  acpUpdateAgentPreferences,
+  acpUpdateAgentConfig,
+  acpUpdateAgentEnv,
+  listModelProviders,
 } from "@/lib/api"
 import type {
   AcpAgentInfo,
   AgentType,
   CheckStatus,
   FixAction,
+  ModelProviderInfo,
   PreflightResult,
 } from "@/lib/types"
 
@@ -78,6 +81,13 @@ interface AgentCheckState {
   error?: string
 }
 
+const CLAUDE_AUTH_MODES = [
+  "official_subscription",
+  "custom",
+  "model_provider",
+] as const
+type ClaudeAuthMode = (typeof CLAUDE_AUTH_MODES)[number]
+
 interface AgentDraft {
   enabled: boolean
   envText: string
@@ -85,6 +95,8 @@ interface AgentDraft {
   apiBaseUrl: string
   apiKey: string
   model: string
+  claudeAuthMode: ClaudeAuthMode
+  modelProviderId: number | null
   geminiAuthMode: GeminiAuthMode
   geminiApiKey: string
   googleApiKey: string
@@ -231,6 +243,7 @@ const GEMINI_AUTH_MODES = [
   "vertex_adc",
   "vertex_service_account",
   "vertex_api_key",
+  "model_provider",
 ] as const
 
 type GeminiAuthMode = (typeof GEMINI_AUTH_MODES)[number]
@@ -785,7 +798,8 @@ function patchGeminiAuthMode(
 }
 
 function geminiAuthModeLabel(mode: GeminiAuthMode): string {
-  if (mode === "custom") return acpText("gemini.mode.custom", "Custom Endpoint")
+  if (mode === "custom")
+    return acpText("authModeCustomEndpoint", "Custom Endpoint")
   if (mode === "login_google")
     return acpText("gemini.mode.loginGoogle", "Google Login (OAuth)")
   if (mode === "gemini_api_key") return "Gemini API Key"
@@ -795,6 +809,8 @@ function geminiAuthModeLabel(mode: GeminiAuthMode): string {
       "gemini.mode.vertexServiceAccount",
       "Vertex AI (Service Account)"
     )
+  if (mode === "model_provider")
+    return acpText("authModeModelProvider", "Model Provider")
   return "Vertex AI API Key"
 }
 
@@ -829,12 +845,48 @@ function geminiAuthModeHint(mode: GeminiAuthMode): string {
       "Set service account JSON path to GOOGLE_APPLICATION_CREDENTIALS."
     )
   }
+  if (mode === "model_provider") {
+    return acpText(
+      "modelProviderHint",
+      "Use API URL and API Key from a configured model provider."
+    )
+  }
   return acpText(
     "gemini.hint.vertexApiKey",
     "Fill GOOGLE_API_KEY when using Vertex AI API key."
   )
 }
 
+/**
+ * Compare original and current config objects. For any key present in
+ * original but missing in current, set it to `null` in the result so
+ * the backend merge can delete it from the file on disk.
+ */
+function markRemovedKeysNull(
+  original: Record<string, unknown>,
+  current: Record<string, unknown>
+): Record<string, unknown> {
+  const result: Record<string, unknown> = { ...current }
+  for (const key of Object.keys(original)) {
+    if (!(key in result)) {
+      result[key] = null
+    } else if (
+      original[key] &&
+      typeof original[key] === "object" &&
+      !Array.isArray(original[key]) &&
+      result[key] &&
+      typeof result[key] === "object" &&
+      !Array.isArray(result[key])
+    ) {
+      result[key] = markRemovedKeysNull(
+        original[key] as Record<string, unknown>,
+        result[key] as Record<string, unknown>
+      )
+    }
+  }
+  return result
+}
+
 function normalizeConfigText(configText: string): string {
   const parseResult = parseConfigJsonText(configText)
   if (parseResult.error) return configText.trim()
@@ -1003,7 +1055,11 @@ interface CodexImportantValues {
 
 const CODEX_DEFAULT_MODEL_PROVIDER = "codeg"
 
-const CODEX_AUTH_MODES = ["api_key", "chatgpt_subscription"] as const
+const CODEX_AUTH_MODES = [
+  "api_key",
+  "chatgpt_subscription",
+  "model_provider",
+] as const
 type CodexAuthMode = (typeof CODEX_AUTH_MODES)[number]
 
 type CodexReasoningEffort = "low" | "medium" | "high" | "xhigh"
@@ -1474,6 +1530,22 @@ function findTomlSectionRange(
   return { start: sectionStart, end: sectionEnd }
 }
 
+function removeTomlSection(
+  configTomlText: string,
+  sectionName: string
+): string {
+  const lines = configTomlText.split(/\r?\n/)
+  const range = findTomlSectionRange(lines, sectionName)
+  if (!range) return configTomlText
+  // Remove blank line before section header if present
+  const removeStart =
+    range.start > 0 && lines[range.start - 1].trim() === ""
+      ? range.start - 1
+      : range.start
+  lines.splice(removeStart, range.end - removeStart)
+  return lines.join("\n").trim()
+}
+
 function upsertTomlSectionBooleanKey(
   configTomlText: string,
   sectionName: string,
@@ -1867,9 +1939,8 @@ function patchImportantConfigText(
     config[key] = trimmed
   }
 
-  assignOrRemove("apiBaseUrl", patch.apiBaseUrl)
-  assignOrRemove("apiKey", patch.apiKey)
   if (agentType === "claude_code") {
+    // Claude Code: write apiBaseUrl/apiKey into config.env, not root
     const env =
       typeof config.env === "object" && config.env && !Array.isArray(config.env)
         ? { ...(config.env as Record<string, unknown>) }
@@ -1882,6 +1953,11 @@ function patchImportantConfigText(
       }
       env[key] = trimmed
     }
+    // Remove root-level apiBaseUrl/apiKey if present (legacy cleanup)
+    delete config.apiBaseUrl
+    delete config.apiKey
+    assignEnv("ANTHROPIC_BASE_URL", patch.apiBaseUrl)
+    assignEnv("ANTHROPIC_AUTH_TOKEN", patch.apiKey)
 
     assignEnv(CLAUDE_MODEL_ENV_KEYS.claudeMainModel, patch.claudeMainModel)
     assignEnv(
@@ -1907,6 +1983,8 @@ function patchImportantConfigText(
       config.env = env
     }
   } else {
+    assignOrRemove("apiBaseUrl", patch.apiBaseUrl)
+    assignOrRemove("apiKey", patch.apiKey)
     assignOrRemove("model", patch.model)
   }
 
@@ -2028,16 +2106,29 @@ function buildAgentDraft(agent: AcpAgentInfo): AgentDraft {
           : agent.agent_type === "open_code"
             ? openCodeImportant.model
             : important.model,
-    geminiAuthMode: geminiImportant.authMode,
+    claudeAuthMode:
+      agent.agent_type === "claude_code" && agent.model_provider_id != null
+        ? "model_provider"
+        : agent.agent_type === "claude_code" &&
+            (important.apiBaseUrl || important.apiKey)
+          ? "custom"
+          : "official_subscription",
+    modelProviderId: agent.model_provider_id ?? null,
+    geminiAuthMode:
+      agent.agent_type === "gemini" && agent.model_provider_id != null
+        ? "model_provider"
+        : geminiImportant.authMode,
     geminiApiKey: geminiImportant.geminiApiKey,
     googleApiKey: geminiImportant.googleApiKey,
     googleCloudProject: geminiImportant.googleCloudProject,
     googleCloudLocation: geminiImportant.googleCloudLocation,
     googleApplicationCredentials: geminiImportant.googleApplicationCredentials,
     codexAuthMode:
-      agent.agent_type === "codex"
-        ? inferCodexAuthMode(codexAuthJsonText)
-        : "api_key",
+      agent.agent_type === "codex" && agent.model_provider_id != null
+        ? "model_provider"
+        : agent.agent_type === "codex"
+          ? inferCodexAuthMode(codexAuthJsonText)
+          : "api_key",
     codexModelProvider: codexImportant.modelProvider,
     codexProviderOptions: codexImportant.providerOptions,
     codexReasoningEffort: codexImportant.reasoningEffort,
@@ -2334,7 +2425,13 @@ export function AcpAgentSettings() {
   const [runningActionKind, setRunningActionKind] = useState<
     Partial<Record<AgentType, RunningActionKind>>
   >({})
-  const [saving, setSaving] = useState<Partial<Record<AgentType, boolean>>>({})
+  const [savingEnv, setSavingEnv] = useState<
+    Partial<Record<AgentType, boolean>>
+  >({})
+  const [savingConfig, setSavingConfig] = useState<
+    Partial<Record<AgentType, boolean>>
+  >({})
+  const [modelProviders, setModelProviders] = useState<ModelProviderInfo[]>([])
   const [uninstallConfirmAgent, setUninstallConfirmAgent] =
     useState<AcpAgentInfo | null>(null)
   const [expandedChecks, setExpandedChecks] = useState<Record<string, boolean>>(
@@ -2399,8 +2496,12 @@ export function AcpAgentSettings() {
     setLoadingAgents(true)
     setLoadingError(null)
     try {
-      const next = await acpListAgents()
+      const [next, providers] = await Promise.all([
+        acpListAgents(),
+        listModelProviders().catch(() => [] as ModelProviderInfo[]),
+      ])
       setAgents(next)
+      setModelProviders(providers)
       setDrafts((prev) => {
         const updated = { ...prev }
         for (const agent of next) {
@@ -2549,11 +2650,43 @@ export function AcpAgentSettings() {
     })
   }, [sortedAgents])
 
-  const persistPreferences = useCallback(
+  const persistEnv = useCallback(
     async (
       agentType: AgentType,
       enabled: boolean,
       envText: string,
+      modelProviderId?: number | null
+    ) => {
+      const parsedEnv = parseEnvText(envText)
+      setSavingEnv((prev) => ({ ...prev, [agentType]: true }))
+      try {
+        await acpUpdateAgentEnv(agentType, {
+          enabled,
+          env: parsedEnv,
+          modelProviderId: modelProviderId ?? null,
+        })
+        setAgents((prev) =>
+          prev.map((agent) =>
+            agent.agent_type === agentType
+              ? {
+                  ...agent,
+                  enabled,
+                  env: parsedEnv,
+                  model_provider_id: modelProviderId ?? null,
+                }
+              : agent
+          )
+        )
+      } finally {
+        setSavingEnv((prev) => ({ ...prev, [agentType]: false }))
+      }
+    },
+    []
+  )
+
+  const persistConfig = useCallback(
+    async (
+      agentType: AgentType,
       configText: string,
       options?: {
         openCodeAuthJsonText?: string
@@ -2565,34 +2698,47 @@ export function AcpAgentSettings() {
       if (parsedConfig.error) {
         throw new Error(parsedConfig.error)
       }
-      const openCodeAuthJsonText = options?.openCodeAuthJsonText
       const codexAuthJsonText = options?.codexAuthJsonText
-      const codexConfigTomlText = options?.codexConfigTomlText
       if (agentType === "codex" && typeof codexAuthJsonText === "string") {
         const authError = parseCodexAuthJsonText(codexAuthJsonText)
         if (authError) {
           throw new Error(authError)
         }
       }
-      const parsedEnv = parseEnvText(envText)
       const normalizedConfig = normalizeConfigText(configText)
-      const configForPersist =
+      // For agents using merge strategy, mark removed keys as null
+      // so the backend merge_json_values can delete them from disk.
+      let configForPersist =
         agentType === "open_code" && !normalizedConfig ? "{}" : normalizedConfig
-      setSaving((prev) => ({ ...prev, [agentType]: true }))
+      const usesMerge =
+        agentType === "claude_code" ||
+        agentType === "gemini" ||
+        agentType === "open_claw"
+      if (usesMerge && configForPersist) {
+        const originalAgent = agents.find((a) => a.agent_type === agentType)
+        const originalConfig = originalAgent?.config_json
+          ? parseConfigJsonText(originalAgent.config_json).config
+          : {}
+        const currentConfig = parsedConfig.config
+        configForPersist = JSON.stringify(
+          markRemovedKeysNull(originalConfig, currentConfig),
+          null,
+          2
+        )
+      }
+      setSavingConfig((prev) => ({ ...prev, [agentType]: true }))
       try {
-        await acpUpdateAgentPreferences(agentType, {
-          enabled,
-          env: parsedEnv,
+        await acpUpdateAgentConfig(agentType, {
           config_json: configForPersist || null,
           opencode_auth_json:
-            typeof openCodeAuthJsonText === "string"
-              ? openCodeAuthJsonText
+            typeof options?.openCodeAuthJsonText === "string"
+              ? options.openCodeAuthJsonText
               : null,
           codex_auth_json:
             typeof codexAuthJsonText === "string" ? codexAuthJsonText : null,
           codex_config_toml:
-            typeof codexConfigTomlText === "string"
-              ? codexConfigTomlText
+            typeof options?.codexConfigTomlText === "string"
+              ? options.codexConfigTomlText
               : null,
         })
         setAgents((prev) =>
@@ -2600,30 +2746,28 @@ export function AcpAgentSettings() {
             agent.agent_type === agentType
               ? {
                   ...agent,
-                  enabled,
-                  env: parsedEnv,
-                  config_json: configForPersist || null,
+                  config_json: normalizedConfig || null,
                   opencode_auth_json:
-                    typeof openCodeAuthJsonText === "string"
-                      ? openCodeAuthJsonText
+                    typeof options?.openCodeAuthJsonText === "string"
+                      ? options.openCodeAuthJsonText
                       : agent.opencode_auth_json,
                   codex_auth_json:
                     typeof codexAuthJsonText === "string"
                       ? codexAuthJsonText
                       : agent.codex_auth_json,
                   codex_config_toml:
-                    typeof codexConfigTomlText === "string"
-                      ? codexConfigTomlText
+                    typeof options?.codexConfigTomlText === "string"
+                      ? options.codexConfigTomlText
                       : agent.codex_config_toml,
                 }
               : agent
           )
         )
       } finally {
-        setSaving((prev) => ({ ...prev, [agentType]: false }))
+        setSavingConfig((prev) => ({ ...prev, [agentType]: false }))
       }
     },
-    []
+    [agents]
   )
 
   const runBinaryAction = useCallback(
@@ -2986,9 +3130,40 @@ export function AcpAgentSettings() {
     ? (configErrors[selectedAgent.agent_type] ?? null)
     : null
   const selectedIsSaving = selectedAgent
-    ? Boolean(saving[selectedAgent.agent_type])
+    ? Boolean(
+        savingEnv[selectedAgent.agent_type] ||
+        savingConfig[selectedAgent.agent_type]
+      )
+    : false
+  const selectedIsSavingEnv = selectedAgent
+    ? Boolean(savingEnv[selectedAgent.agent_type])
+    : false
+  const selectedIsSavingConfig = selectedAgent
+    ? Boolean(savingConfig[selectedAgent.agent_type])
     : false
   const selectedAgentKind = selectedAgent?.agent_type ?? null
+
+  const selectedModelProviders = useMemo(() => {
+    if (!selectedAgent) return []
+    return modelProviders.filter((p) =>
+      p.agent_types.includes(selectedAgent.agent_type)
+    )
+  }, [modelProviders, selectedAgent])
+
+  const selectedNeedsModelProvider = useMemo(() => {
+    if (!selectedDraft) return false
+    if (!selectedAgent) return false
+    const at = selectedAgent.agent_type
+    if (at === "claude_code")
+      return selectedDraft.claudeAuthMode === "model_provider"
+    if (at === "codex") return selectedDraft.codexAuthMode === "model_provider"
+    if (at === "gemini")
+      return selectedDraft.geminiAuthMode === "model_provider"
+    return false
+  }, [selectedAgent, selectedDraft])
+
+  const selectedMissingModelProvider =
+    selectedNeedsModelProvider && selectedDraft?.modelProviderId == null
   const selectedCodexAuthJsonText = selectedDraft?.codexAuthJsonText ?? ""
   const selectedConfigText = selectedDraft?.configText ?? ""
   const selectedOpenCodeAuthJsonText = selectedDraft?.openCodeAuthJsonText ?? ""
@@ -3196,6 +3371,166 @@ export function AcpAgentSettings() {
     [selectedAgent, selectedDraft, t, updateSelectedDraft]
   )
 
+  const handleClaudeAuthModeChange = useCallback(
+    (nextMode: ClaudeAuthMode) => {
+      if (
+        !selectedAgent ||
+        !selectedDraft ||
+        selectedAgent.agent_type !== "claude_code"
+      )
+        return
+
+      const keys = importantEnvKeysByAgent("claude_code")
+      const allEnvKeys = [...keys.apiBaseUrl, ...keys.apiKey]
+
+      if (nextMode === "official_subscription") {
+        // Clear API URL/API Key from env and config
+        const envPatch: Record<string, string> = {}
+        for (const k of allEnvKeys) envPatch[k] = ""
+        // Build clean display config (remove null keys)
+        const parsed = parseConfigJsonText(selectedDraft.configText)
+        const config: Record<string, unknown> = parsed.error
+          ? {}
+          : { ...parsed.config }
+        delete config.apiBaseUrl
+        delete config.apiKey
+        if (config.env && typeof config.env === "object") {
+          const cfgEnv = { ...(config.env as Record<string, unknown>) }
+          for (const k of allEnvKeys) delete cfgEnv[k]
+          if (Object.keys(cfgEnv).length > 0) {
+            config.env = cfgEnv
+          } else {
+            delete config.env
+          }
+        }
+        const nextConfigText =
+          Object.keys(config).length > 0 ? JSON.stringify(config, null, 2) : ""
+        setConfigErrors((prev) => ({
+          ...prev,
+          [selectedAgent.agent_type]: null,
+        }))
+        updateSelectedDraft((current) => ({
+          ...current,
+          claudeAuthMode: nextMode,
+          modelProviderId: null,
+          apiBaseUrl: "",
+          apiKey: "",
+          envText: patchEnvText(current.envText, envPatch),
+          configText: nextConfigText,
+        }))
+        return
+      }
+
+      // "custom" or "model_provider" — keep existing values, just switch mode
+      updateSelectedDraft((current) => ({
+        ...current,
+        claudeAuthMode: nextMode,
+        modelProviderId:
+          nextMode === "model_provider" ? current.modelProviderId : null,
+      }))
+    },
+    [selectedAgent, selectedDraft, updateSelectedDraft]
+  )
+
+  const handleModelProviderSelect = useCallback(
+    (providerIdStr: string) => {
+      if (!selectedAgent || !selectedDraft) return
+      const providerId = providerIdStr ? Number(providerIdStr) : null
+      const provider = providerId
+        ? modelProviders.find((p) => p.id === providerId)
+        : null
+      const apiUrl = provider?.api_url ?? ""
+      const apiKey = provider?.api_key ?? ""
+      const agentType = selectedAgent.agent_type
+
+      if (agentType === "claude_code") {
+        const nextConfigJson = patchImportantConfigText(
+          agentType,
+          selectedDraft.configText,
+          { apiBaseUrl: apiUrl, apiKey }
+        )
+        setConfigErrors((prev) => ({
+          ...prev,
+          [agentType]: null,
+        }))
+        updateSelectedDraft((current) => ({
+          ...current,
+          modelProviderId: providerId,
+          apiBaseUrl: apiUrl,
+          apiKey,
+          envText: patchEnvByImportantKey(
+            agentType,
+            patchEnvByImportantKey(
+              agentType,
+              current.envText,
+              "apiBaseUrl",
+              apiUrl
+            ),
+            "apiKey",
+            apiKey
+          ),
+          configText: nextConfigJson.configText,
+        }))
+      } else if (agentType === "codex") {
+        const nextAuthJsonText = apiKey
+          ? JSON.stringify({ OPENAI_API_KEY: apiKey }, null, 2)
+          : "{}"
+        const nextConfigTomlText = patchCodexConfigTomlText(
+          selectedDraft.codexConfigTomlText,
+          {
+            modelProvider: CODEX_DEFAULT_MODEL_PROVIDER,
+            apiBaseUrl: apiUrl,
+          }
+        )
+        const synced = extractCodexImportantValues(
+          nextAuthJsonText,
+          nextConfigTomlText
+        )
+        updateSelectedDraft((current) => ({
+          ...current,
+          modelProviderId: providerId,
+          apiBaseUrl: apiUrl,
+          apiKey,
+          codexAuthJsonText: nextAuthJsonText,
+          codexConfigTomlText: nextConfigTomlText,
+          codexModelProvider: CODEX_DEFAULT_MODEL_PROVIDER,
+          codexProviderOptions: synced.providerOptions,
+          envText: patchEnvText(current.envText, {
+            OPENAI_API_KEY: apiKey,
+            OPENAI_BASE_URL: apiUrl,
+          }),
+        }))
+      } else if (agentType === "gemini") {
+        const nextConfigJson = patchGeminiConfigText(selectedDraft.configText, {
+          apiBaseUrl: apiUrl,
+          geminiApiKey: apiKey,
+        })
+        setConfigErrors((prev) => ({
+          ...prev,
+          [agentType]: null,
+        }))
+        updateSelectedDraft((current) => ({
+          ...current,
+          modelProviderId: providerId,
+          apiBaseUrl: apiUrl,
+          apiKey,
+          geminiApiKey: apiKey,
+          envText: patchGeminiEnvText(current.envText, {
+            apiBaseUrl: apiUrl,
+            geminiApiKey: apiKey,
+          }),
+          configText: nextConfigJson.configText,
+        }))
+      } else {
+        updateSelectedDraft((current) => ({
+          ...current,
+          modelProviderId: providerId,
+        }))
+      }
+    },
+    [selectedAgent, selectedDraft, modelProviders, updateSelectedDraft]
+  )
+
   const handleGeminiFieldChange = useCallback(
     (
       key:
@@ -3291,6 +3626,16 @@ export function AcpAgentSettings() {
       )
         return
 
+      if (nextMode === "model_provider") {
+        // Keep existing values; provider selection will fill API URL/Key
+        updateSelectedDraft((current) => ({
+          ...current,
+          geminiAuthMode: nextMode,
+          modelProviderId: current.modelProviderId,
+        }))
+        return
+      }
+
       const patched = patchGeminiAuthMode(
         {
           authMode: selectedDraft.geminiAuthMode,
@@ -3326,6 +3671,7 @@ export function AcpAgentSettings() {
       updateSelectedDraft((current) => ({
         ...current,
         geminiAuthMode: patched.authMode,
+        modelProviderId: null,
         apiBaseUrl: patched.apiBaseUrl,
         apiKey: patched.geminiApiKey || patched.googleApiKey,
         geminiApiKey: patched.geminiApiKey,
@@ -3608,15 +3954,9 @@ export function AcpAgentSettings() {
     ) {
       return
     }
-    persistPreferences(
-      selectedAgent.agent_type,
-      removed.enabled,
-      removed.envText,
-      removed.configText,
-      {
-        openCodeAuthJsonText: removed.openCodeAuthJsonText,
-      }
-    )
+    persistConfig(selectedAgent.agent_type, removed.configText, {
+      openCodeAuthJsonText: removed.openCodeAuthJsonText,
+    })
       .then(() => {
         toast.success(t("toasts.providerDeleted", { providerId }), {
           description: t("toasts.openCodeConfigSynced"),
@@ -3632,7 +3972,7 @@ export function AcpAgentSettings() {
   }, [
     handleOpenCodeRemoveProvider,
     openCodeDeleteProviderId,
-    persistPreferences,
+    persistConfig,
     selectedAgent,
     t,
   ])
@@ -3994,42 +4334,6 @@ export function AcpAgentSettings() {
     [selectedAgent, selectedDraft, updateSelectedDraft]
   )
 
-  const handleCodexModelProviderChange = useCallback(
-    (nextProvider: string) => {
-      if (
-        !selectedAgent ||
-        !selectedDraft ||
-        selectedAgent.agent_type !== "codex"
-      )
-        return
-      const trimmedProvider = nextProvider.trim()
-      if (!trimmedProvider) return
-      const nextToml = patchCodexConfigTomlText(
-        selectedDraft.codexConfigTomlText,
-        {
-          modelProvider: trimmedProvider,
-          modelReasoningEffort: selectedDraft.codexReasoningEffort,
-        }
-      )
-      const synced = extractCodexImportantValues(
-        selectedDraft.codexAuthJsonText,
-        nextToml
-      )
-      updateSelectedDraft((current) => ({
-        ...current,
-        apiBaseUrl: synced.apiBaseUrl,
-        apiKey: synced.apiKey ?? current.apiKey,
-        model: synced.model,
-        codexModelProvider: synced.modelProvider,
-        codexProviderOptions: synced.providerOptions,
-        codexReasoningEffort: synced.reasoningEffort,
-        codexSupportsWebsockets: synced.supportsWebsockets,
-        codexConfigTomlText: nextToml,
-      }))
-    },
-    [selectedAgent, selectedDraft, updateSelectedDraft]
-  )
-
   const handleCodexAuthModeChange = useCallback(
     (nextMode: CodexAuthMode) => {
       if (
@@ -4039,41 +4343,71 @@ export function AcpAgentSettings() {
       )
         return
 
+      if (nextMode === "chatgpt_subscription") {
+        // Official subscription: clear API URL/Key from env, remove model_provider config from toml
+        const nextAuthJsonText = "{}"
+        let nextConfigTomlText = updateTomlRootStringKey(
+          selectedDraft.codexConfigTomlText,
+          "model_provider",
+          ""
+        )
+        nextConfigTomlText = removeTomlSection(
+          nextConfigTomlText,
+          `model_providers.${CODEX_DEFAULT_MODEL_PROVIDER}`
+        )
+        const synced = extractCodexImportantValues(
+          nextAuthJsonText,
+          nextConfigTomlText
+        )
+        updateSelectedDraft((current) => ({
+          ...current,
+          codexAuthMode: nextMode,
+          modelProviderId: null,
+          codexAuthJsonText: nextAuthJsonText,
+          codexConfigTomlText: nextConfigTomlText,
+          envText: patchEnvText(current.envText, {
+            OPENAI_API_KEY: "",
+            OPENAI_BASE_URL: "",
+          }),
+          apiBaseUrl: "",
+          apiKey: "",
+          model: synced.model,
+          codexModelProvider: synced.modelProvider,
+          codexProviderOptions: synced.providerOptions,
+          codexReasoningEffort: synced.reasoningEffort,
+          codexSupportsWebsockets: synced.supportsWebsockets,
+        }))
+        return
+      }
+
+      // "api_key" or "model_provider": ensure model_provider = "codeg" in toml
+      const nextConfigTomlText = patchCodexConfigTomlText(
+        selectedDraft.codexConfigTomlText,
+        { modelProvider: CODEX_DEFAULT_MODEL_PROVIDER }
+      )
       const nextAuthJsonText =
-        nextMode === "chatgpt_subscription"
-          ? "{}"
-          : JSON.stringify({ OPENAI_API_KEY: "" }, null, 2)
-
-      const nextConfigTomlText =
-        nextMode === "chatgpt_subscription"
-          ? ""
-          : selectedDraft.codexConfigTomlText
-
-      const nextEnvText =
-        nextMode === "chatgpt_subscription"
-          ? patchEnvText(selectedDraft.envText, {
-              OPENAI_API_KEY: "",
-              OPENAI_BASE_URL: "",
-            })
-          : selectedDraft.envText
-
+        nextMode === "api_key"
+          ? JSON.stringify(
+              { OPENAI_API_KEY: selectedDraft.apiKey || "" },
+              null,
+              2
+            )
+          : selectedDraft.codexAuthJsonText
       const synced = extractCodexImportantValues(
         nextAuthJsonText,
         nextConfigTomlText
       )
-
       updateSelectedDraft((current) => ({
         ...current,
         codexAuthMode: nextMode,
+        modelProviderId:
+          nextMode === "model_provider" ? current.modelProviderId : null,
         codexAuthJsonText: nextAuthJsonText,
         codexConfigTomlText: nextConfigTomlText,
-        envText: nextEnvText,
-        apiBaseUrl:
-          nextMode === "chatgpt_subscription" ? "" : synced.apiBaseUrl,
-        apiKey:
-          nextMode === "chatgpt_subscription" ? "" : (synced.apiKey ?? ""),
+        apiBaseUrl: synced.apiBaseUrl,
+        apiKey: synced.apiKey ?? current.apiKey,
         model: synced.model,
-        codexModelProvider: synced.modelProvider,
+        codexModelProvider: CODEX_DEFAULT_MODEL_PROVIDER,
         codexProviderOptions: synced.providerOptions,
         codexReasoningEffort: synced.reasoningEffort,
         codexSupportsWebsockets: synced.supportsWebsockets,
@@ -4405,17 +4739,11 @@ export function AcpAgentSettings() {
                           ...prev,
                           [selectedAgent.agent_type]: nextDraft,
                         }))
-                        persistPreferences(
+                        persistEnv(
                           selectedAgent.agent_type,
                           nextEnabled,
                           nextDraft.envText,
-                          nextDraft.configText,
-                          selectedAgent.agent_type === "open_code"
-                            ? {
-                                openCodeAuthJsonText:
-                                  nextDraft.openCodeAuthJsonText,
-                              }
-                            : undefined
+                          nextDraft.modelProviderId
                         ).catch((err) => {
                           console.error(
                             "[Settings] persist enabled failed:",
@@ -4488,17 +4816,11 @@ export function AcpAgentSettings() {
                     <Button
                       size="sm"
                       onClick={() => {
-                        persistPreferences(
+                        persistEnv(
                           selectedAgent.agent_type,
                           selectedDraft.enabled,
                           selectedDraft.envText,
-                          selectedDraft.configText,
-                          selectedAgent.agent_type === "open_code"
-                            ? {
-                                openCodeAuthJsonText:
-                                  selectedDraft.openCodeAuthJsonText,
-                              }
-                            : undefined
+                          selectedDraft.modelProviderId
                         )
                           .then(() => {
                             toast.success(t("toasts.configSaved"), {
@@ -4506,10 +4828,7 @@ export function AcpAgentSettings() {
                             })
                           })
                           .catch((err) => {
-                            console.error(
-                              "[Settings] save preferences failed:",
-                              err
-                            )
+                            console.error("[Settings] save env failed:", err)
                             const message =
                               err instanceof Error ? err.message : String(err)
                             toast.error(t("toasts.saveEnvFailed"), {
@@ -4517,9 +4836,9 @@ export function AcpAgentSettings() {
                             })
                           })
                       }}
-                      disabled={selectedIsSaving}
+                      disabled={selectedIsSavingEnv}
                     >
-                      {selectedIsSaving ? (
+                      {selectedIsSavingEnv ? (
                         <>
                           <Loader2 className="h-3.5 w-3.5 animate-spin" />
                           {t("actions.saving")}
@@ -4566,8 +4885,10 @@ export function AcpAgentSettings() {
                           {CODEX_AUTH_MODES.map((mode) => (
                             <SelectItem key={mode} value={mode}>
                               {mode === "chatgpt_subscription"
-                                ? t("codex.chatgptSubscription")
-                                : "API Key"}
+                                ? t("authModeOfficialSubscription")
+                                : mode === "model_provider"
+                                  ? t("authModeModelProvider")
+                                  : t("authModeCustomEndpoint")}
                             </SelectItem>
                           ))}
                         </SelectContent>
@@ -4575,44 +4896,61 @@ export function AcpAgentSettings() {
                       <p className="text-[11px] text-muted-foreground">
                         {selectedDraft.codexAuthMode === "chatgpt_subscription"
                           ? t("codex.chatgptSubscriptionHint")
-                          : t("codex.apiKeyHint")}
+                          : selectedDraft.codexAuthMode === "model_provider"
+                            ? t("modelProviderHint")
+                            : t("authModeCustomEndpointHint")}
                       </p>
                     </div>
 
-                    {selectedDraft.codexAuthMode !== "chatgpt_subscription" && (
+                    {selectedDraft.codexAuthMode === "model_provider" && (
                       <div className="space-y-1.5">
                         <label className="text-[11px] text-muted-foreground">
-                          Provider
+                          {t("selectModelProvider")}
                         </label>
-                        <Select
-                          value={selectedDraft.codexModelProvider}
-                          onValueChange={handleCodexModelProviderChange}
-                        >
-                          <SelectTrigger className="w-full">
-                            <SelectValue
-                              placeholder={t("codex.selectProvider")}
-                            />
-                          </SelectTrigger>
-                          <SelectContent align="start">
-                            {selectedDraft.codexProviderOptions.map(
-                              (provider) => (
-                                <SelectItem key={provider} value={provider}>
-                                  {provider}
+                        {selectedModelProviders.length > 0 ? (
+                          <Select
+                            value={
+                              selectedDraft.modelProviderId != null
+                                ? String(selectedDraft.modelProviderId)
+                                : ""
+                            }
+                            onValueChange={handleModelProviderSelect}
+                          >
+                            <SelectTrigger className="w-full">
+                              <SelectValue
+                                placeholder={t("selectModelProvider")}
+                              />
+                            </SelectTrigger>
+                            <SelectContent align="start">
+                              {selectedModelProviders.map((provider) => (
+                                <SelectItem
+                                  key={provider.id}
+                                  value={String(provider.id)}
+                                >
+                                  {provider.name}
                                 </SelectItem>
-                              )
-                            )}
-                          </SelectContent>
-                        </Select>
+                              ))}
+                            </SelectContent>
+                          </Select>
+                        ) : (
+                          <p className="text-[11px] text-muted-foreground">
+                            {t("noModelProviderAvailable")}
+                          </p>
+                        )}
                       </div>
                     )}
 
-                    {selectedDraft.codexAuthMode !== "chatgpt_subscription" && (
+                    {(selectedDraft.codexAuthMode === "api_key" ||
+                      selectedDraft.codexAuthMode === "model_provider") && (
                       <div className="space-y-1.5">
                         <label className="text-[11px] text-muted-foreground">
                           API URL
                         </label>
                         <Input
                           value={selectedDraft.apiBaseUrl}
+                          readOnly={
+                            selectedDraft.codexAuthMode === "model_provider"
+                          }
                           onChange={(event) => {
                             handleCodexImportantConfigChange(
                               "apiBaseUrl",
@@ -4624,7 +4962,8 @@ export function AcpAgentSettings() {
                       </div>
                     )}
 
-                    {selectedDraft.codexAuthMode !== "chatgpt_subscription" && (
+                    {(selectedDraft.codexAuthMode === "api_key" ||
+                      selectedDraft.codexAuthMode === "model_provider") && (
                       <div className="space-y-1.5">
                         <label className="text-[11px] text-muted-foreground">
                           API Key
@@ -4637,6 +4976,9 @@ export function AcpAgentSettings() {
                                 : "password"
                             }
                             value={selectedDraft.apiKey}
+                            readOnly={
+                              selectedDraft.codexAuthMode === "model_provider"
+                            }
                             onChange={(event) => {
                               handleCodexImportantConfigChange(
                                 "apiKey",
@@ -4672,7 +5014,8 @@ export function AcpAgentSettings() {
                       </div>
                     )}
 
-                    {selectedDraft.codexAuthMode !== "chatgpt_subscription" && (
+                    {(selectedDraft.codexAuthMode === "api_key" ||
+                      selectedDraft.codexAuthMode === "model_provider") && (
                       <div className="space-y-1.5">
                         <label className="text-[11px] text-muted-foreground">
                           {t("codex.modelName")}
@@ -4784,6 +5127,10 @@ supports_websockets = true`}
                       <Button
                         size="sm"
                         onClick={() => {
+                          if (selectedMissingModelProvider) {
+                            toast.error(t("toasts.modelProviderRequired"))
+                            return
+                          }
                           const codexEnvText =
                             selectedDraft.codexAuthMode ===
                             "chatgpt_subscription"
@@ -4792,18 +5139,24 @@ supports_websockets = true`}
                                   OPENAI_BASE_URL: "",
                                 })
                               : selectedDraft.envText
-                          persistPreferences(
-                            selectedAgent.agent_type,
-                            selectedDraft.enabled,
-                            codexEnvText,
-                            selectedDraft.configText,
-                            {
-                              codexAuthJsonText:
-                                selectedDraft.codexAuthJsonText,
-                              codexConfigTomlText:
-                                selectedDraft.codexConfigTomlText,
-                            }
-                          )
+                          Promise.all([
+                            persistEnv(
+                              selectedAgent.agent_type,
+                              selectedDraft.enabled,
+                              codexEnvText,
+                              selectedDraft.modelProviderId
+                            ),
+                            persistConfig(
+                              selectedAgent.agent_type,
+                              selectedDraft.configText,
+                              {
+                                codexAuthJsonText:
+                                  selectedDraft.codexAuthJsonText,
+                                codexConfigTomlText:
+                                  selectedDraft.codexConfigTomlText,
+                              }
+                            ),
+                          ])
                             .then(() => {
                               toast.success(t("toasts.codexSaved"), {
                                 description: t("toasts.configSavedHint"),
@@ -4821,9 +5174,9 @@ supports_websockets = true`}
                               })
                             })
                         }}
-                        disabled={selectedIsSaving}
+                        disabled={selectedIsSavingEnv || selectedIsSavingConfig}
                       >
-                        {selectedIsSaving ? (
+                        {selectedIsSavingEnv || selectedIsSavingConfig ? (
                           <>
                             <Loader2 className="h-3.5 w-3.5 animate-spin" />
                             {t("actions.saving")}
@@ -4880,6 +5233,44 @@ supports_websockets = true`}
                       </p>
                     </div>
 
+                    {selectedDraft.geminiAuthMode === "model_provider" && (
+                      <div className="space-y-1.5">
+                        <label className="text-[11px] text-muted-foreground">
+                          {t("selectModelProvider")}
+                        </label>
+                        {selectedModelProviders.length > 0 ? (
+                          <Select
+                            value={
+                              selectedDraft.modelProviderId != null
+                                ? String(selectedDraft.modelProviderId)
+                                : ""
+                            }
+                            onValueChange={handleModelProviderSelect}
+                          >
+                            <SelectTrigger className="w-full">
+                              <SelectValue
+                                placeholder={t("selectModelProvider")}
+                              />
+                            </SelectTrigger>
+                            <SelectContent align="start">
+                              {selectedModelProviders.map((provider) => (
+                                <SelectItem
+                                  key={provider.id}
+                                  value={String(provider.id)}
+                                >
+                                  {provider.name}
+                                </SelectItem>
+                              ))}
+                            </SelectContent>
+                          </Select>
+                        ) : (
+                          <p className="text-[11px] text-muted-foreground">
+                            {t("noModelProviderAvailable")}
+                          </p>
+                        )}
+                      </div>
+                    )}
+
                     <div className="space-y-1.5">
                       <label className="text-[11px] text-muted-foreground">
                         Model
@@ -4896,13 +5287,17 @@ supports_websockets = true`}
                       </p>
                     </div>
 
-                    {selectedDraft.geminiAuthMode === "custom" && (
+                    {(selectedDraft.geminiAuthMode === "custom" ||
+                      selectedDraft.geminiAuthMode === "model_provider") && (
                       <div className="space-y-1.5">
                         <label className="text-[11px] text-muted-foreground">
                           GOOGLE_GEMINI_BASE_URL
                         </label>
                         <Input
                           value={selectedDraft.apiBaseUrl}
+                          readOnly={
+                            selectedDraft.geminiAuthMode === "model_provider"
+                          }
                           onChange={(event) => {
                             handleGeminiFieldChange(
                               "apiBaseUrl",
@@ -4916,6 +5311,7 @@ supports_websockets = true`}
 
                     {(selectedDraft.geminiAuthMode === "custom" ||
                       selectedDraft.geminiAuthMode === "gemini_api_key" ||
+                      selectedDraft.geminiAuthMode === "model_provider" ||
                       selectedDraft.geminiAuthMode === "vertex_api_key") && (
                       <div className="space-y-1.5">
                         <label className="text-[11px] text-muted-foreground">
@@ -4935,6 +5331,9 @@ supports_websockets = true`}
                                 ? selectedDraft.googleApiKey
                                 : selectedDraft.geminiApiKey
                             }
+                            readOnly={
+                              selectedDraft.geminiAuthMode === "model_provider"
+                            }
                             onChange={(event) => {
                               if (
                                 selectedDraft.geminiAuthMode ===
@@ -5058,12 +5457,22 @@ supports_websockets = true`}
                       <Button
                         size="sm"
                         onClick={() => {
-                          persistPreferences(
-                            selectedAgent.agent_type,
-                            selectedDraft.enabled,
-                            selectedDraft.envText,
-                            selectedDraft.configText
-                          )
+                          if (selectedMissingModelProvider) {
+                            toast.error(t("toasts.modelProviderRequired"))
+                            return
+                          }
+                          Promise.all([
+                            persistEnv(
+                              selectedAgent.agent_type,
+                              selectedDraft.enabled,
+                              selectedDraft.envText,
+                              selectedDraft.modelProviderId
+                            ),
+                            persistConfig(
+                              selectedAgent.agent_type,
+                              selectedDraft.configText
+                            ),
+                          ])
                             .then(() => {
                               toast.success(t("toasts.geminiSaved"), {
                                 description: t("toasts.configSavedHint"),
@@ -5081,9 +5490,9 @@ supports_websockets = true`}
                               })
                             })
                         }}
-                        disabled={selectedIsSaving}
+                        disabled={selectedIsSavingEnv || selectedIsSavingConfig}
                       >
-                        {selectedIsSaving ? (
+                        {selectedIsSavingEnv || selectedIsSavingConfig ? (
                           <>
                             <Loader2 className="h-3.5 w-3.5 animate-spin" />
                             {t("actions.saving")}
@@ -5638,10 +6047,8 @@ supports_websockets = true`}
                                           type="button"
                                           size="sm"
                                           onClick={() => {
-                                            persistPreferences(
+                                            persistConfig(
                                               selectedAgent.agent_type,
-                                              selectedDraft.enabled,
-                                              selectedDraft.envText,
                                               selectedDraft.configText,
                                               {
                                                 openCodeAuthJsonText:
@@ -5680,9 +6087,9 @@ supports_websockets = true`}
                                                 )
                                               })
                                           }}
-                                          disabled={selectedIsSaving}
+                                          disabled={selectedIsSavingConfig}
                                         >
-                                          {selectedIsSaving ? (
+                                          {selectedIsSavingConfig ? (
                                             <>
                                               <Loader2 className="h-3.5 w-3.5 animate-spin" />
                                               {t("actions.saving")}
@@ -5738,10 +6145,8 @@ supports_websockets = true`}
                       <Button
                         size="sm"
                         onClick={() => {
-                          persistPreferences(
+                          persistConfig(
                             selectedAgent.agent_type,
-                            selectedDraft.enabled,
-                            selectedDraft.envText,
                             selectedDraft.configText,
                             {
                               openCodeAuthJsonText:
@@ -5765,9 +6170,9 @@ supports_websockets = true`}
                               })
                             })
                         }}
-                        disabled={selectedIsSaving}
+                        disabled={selectedIsSavingConfig}
                       >
-                        {selectedIsSaving ? (
+                        {selectedIsSavingConfig ? (
                           <>
                             <Loader2 className="h-3.5 w-3.5 animate-spin" />
                             {t("actions.saving")}
@@ -5918,10 +6323,8 @@ supports_websockets = true`}
                       <Button
                         size="sm"
                         onClick={() => {
-                          persistPreferences(
+                          persistConfig(
                             selectedAgent.agent_type,
-                            selectedDraft.enabled,
-                            selectedDraft.envText,
                             selectedDraft.configText
                           )
                             .then(() => {
@@ -5941,9 +6344,9 @@ supports_websockets = true`}
                               })
                             })
                         }}
-                        disabled={selectedIsSaving}
+                        disabled={selectedIsSavingConfig}
                       >
-                        {selectedIsSaving ? (
+                        {selectedIsSavingConfig ? (
                           <>
                             <Loader2 className="h-3.5 w-3.5 animate-spin" />
                             {t("actions.saving")}
@@ -6059,12 +6462,18 @@ supports_websockets = true`}
                       <Button
                         size="sm"
                         onClick={() => {
-                          persistPreferences(
-                            selectedAgent.agent_type,
-                            selectedDraft.enabled,
-                            selectedDraft.envText,
-                            selectedDraft.configText
-                          )
+                          Promise.all([
+                            persistEnv(
+                              selectedAgent.agent_type,
+                              selectedDraft.enabled,
+                              selectedDraft.envText,
+                              selectedDraft.modelProviderId
+                            ),
+                            persistConfig(
+                              selectedAgent.agent_type,
+                              selectedDraft.configText
+                            ),
+                          ])
                             .then(() => {
                               toast.success(t("toasts.openClawSaved"), {
                                 description: t("toasts.configSavedHint"),
@@ -6082,9 +6491,9 @@ supports_websockets = true`}
                               })
                             })
                         }}
-                        disabled={selectedIsSaving}
+                        disabled={selectedIsSavingEnv || selectedIsSavingConfig}
                       >
-                        {selectedIsSaving ? (
+                        {selectedIsSavingEnv || selectedIsSavingConfig ? (
                           <>
                             <Loader2 className="h-3.5 w-3.5 animate-spin" />
                             {t("actions.saving")}
@@ -6111,67 +6520,165 @@ supports_websockets = true`}
                       </p>
                     </div>
 
-                    <div className="space-y-1.5">
-                      <label className="text-[11px] text-muted-foreground">
-                        API URL
-                      </label>
-                      <Input
-                        value={selectedDraft.apiBaseUrl}
-                        onChange={(event) => {
-                          handleImportantConfigChange(
-                            "apiBaseUrl",
-                            event.target.value
-                          )
-                        }}
-                        placeholder="https://api.example.com"
-                      />
-                    </div>
-
-                    <div className="space-y-1.5">
-                      <label className="text-[11px] text-muted-foreground">
-                        API Key
-                      </label>
-                      <div className="flex items-center gap-2">
-                        <Input
-                          type={
-                            showApiKeys[selectedAgent.agent_type]
-                              ? "text"
-                              : "password"
-                          }
-                          value={selectedDraft.apiKey}
-                          onChange={(event) => {
-                            handleImportantConfigChange(
-                              "apiKey",
-                              event.target.value
-                            )
+                    {selectedAgent.agent_type === "claude_code" && (
+                      <div className="space-y-1.5">
+                        <label className="text-[11px] text-muted-foreground">
+                          {t("claude.authMode")}
+                        </label>
+                        <Select
+                          value={selectedDraft.claudeAuthMode}
+                          onValueChange={(value) => {
+                            if (
+                              CLAUDE_AUTH_MODES.includes(
+                                value as ClaudeAuthMode
+                              )
+                            ) {
+                              handleClaudeAuthModeChange(
+                                value as ClaudeAuthMode
+                              )
+                            }
                           }}
-                          placeholder="sk-..."
-                        />
-                        <Button
-                          type="button"
-                          variant="outline"
-                          size="sm"
-                          onClick={() => {
-                            setShowApiKeys((prev) => ({
-                              ...prev,
-                              [selectedAgent.agent_type]:
-                                !prev[selectedAgent.agent_type],
-                            }))
-                          }}
-                          title={
-                            showApiKeys[selectedAgent.agent_type]
-                              ? t("actions.hideApiKey")
-                              : t("actions.showApiKey")
-                          }
                         >
-                          {showApiKeys[selectedAgent.agent_type] ? (
-                            <EyeOff className="h-3.5 w-3.5" />
-                          ) : (
-                            <Eye className="h-3.5 w-3.5" />
-                          )}
-                        </Button>
+                          <SelectTrigger className="w-full">
+                            <SelectValue />
+                          </SelectTrigger>
+                          <SelectContent align="start">
+                            <SelectItem value="official_subscription">
+                              {t("authModeOfficialSubscription")}
+                            </SelectItem>
+                            <SelectItem value="custom">
+                              {t("authModeCustomEndpoint")}
+                            </SelectItem>
+                            <SelectItem value="model_provider">
+                              {t("authModeModelProvider")}
+                            </SelectItem>
+                          </SelectContent>
+                        </Select>
+                        <p className="text-[11px] text-muted-foreground">
+                          {selectedDraft.claudeAuthMode ===
+                          "official_subscription"
+                            ? t("claude.officialSubscriptionHint")
+                            : selectedDraft.claudeAuthMode === "custom"
+                              ? t("authModeCustomEndpointHint")
+                              : t("modelProviderHint")}
+                        </p>
                       </div>
-                    </div>
+                    )}
+
+                    {selectedAgent.agent_type === "claude_code" &&
+                      selectedDraft.claudeAuthMode === "model_provider" && (
+                        <div className="space-y-1.5">
+                          <label className="text-[11px] text-muted-foreground">
+                            {t("selectModelProvider")}
+                          </label>
+                          {selectedModelProviders.length > 0 ? (
+                            <Select
+                              value={
+                                selectedDraft.modelProviderId != null
+                                  ? String(selectedDraft.modelProviderId)
+                                  : ""
+                              }
+                              onValueChange={handleModelProviderSelect}
+                            >
+                              <SelectTrigger className="w-full">
+                                <SelectValue
+                                  placeholder={t("selectModelProvider")}
+                                />
+                              </SelectTrigger>
+                              <SelectContent align="start">
+                                {selectedModelProviders.map((provider) => (
+                                  <SelectItem
+                                    key={provider.id}
+                                    value={String(provider.id)}
+                                  >
+                                    {provider.name}
+                                  </SelectItem>
+                                ))}
+                              </SelectContent>
+                            </Select>
+                          ) : (
+                            <p className="text-[11px] text-muted-foreground">
+                              {t("noModelProviderAvailable")}
+                            </p>
+                          )}
+                        </div>
+                      )}
+
+                    {(selectedAgent.agent_type !== "claude_code" ||
+                      selectedDraft.claudeAuthMode === "custom") && (
+                      <>
+                        <div className="space-y-1.5">
+                          <label className="text-[11px] text-muted-foreground">
+                            API URL
+                          </label>
+                          <Input
+                            value={selectedDraft.apiBaseUrl}
+                            readOnly={
+                              selectedAgent.agent_type === "claude_code" &&
+                              selectedDraft.claudeAuthMode === "model_provider"
+                            }
+                            onChange={(event) => {
+                              handleImportantConfigChange(
+                                "apiBaseUrl",
+                                event.target.value
+                              )
+                            }}
+                            placeholder="https://api.example.com"
+                          />
+                        </div>
+
+                        <div className="space-y-1.5">
+                          <label className="text-[11px] text-muted-foreground">
+                            API Key
+                          </label>
+                          <div className="flex items-center gap-2">
+                            <Input
+                              type={
+                                showApiKeys[selectedAgent.agent_type]
+                                  ? "text"
+                                  : "password"
+                              }
+                              value={selectedDraft.apiKey}
+                              readOnly={
+                                selectedAgent.agent_type === "claude_code" &&
+                                selectedDraft.claudeAuthMode ===
+                                  "model_provider"
+                              }
+                              onChange={(event) => {
+                                handleImportantConfigChange(
+                                  "apiKey",
+                                  event.target.value
+                                )
+                              }}
+                              placeholder="sk-..."
+                            />
+                            <Button
+                              type="button"
+                              variant="outline"
+                              size="sm"
+                              onClick={() => {
+                                setShowApiKeys((prev) => ({
+                                  ...prev,
+                                  [selectedAgent.agent_type]:
+                                    !prev[selectedAgent.agent_type],
+                                }))
+                              }}
+                              title={
+                                showApiKeys[selectedAgent.agent_type]
+                                  ? t("actions.hideApiKey")
+                                  : t("actions.showApiKey")
+                              }
+                            >
+                              {showApiKeys[selectedAgent.agent_type] ? (
+                                <EyeOff className="h-3.5 w-3.5" />
+                              ) : (
+                                <Eye className="h-3.5 w-3.5" />
+                              )}
+                            </Button>
+                          </div>
+                        </div>
+                      </>
+                    )}
 
                     {selectedAgent.agent_type === "claude_code" ? (
                       <div className="space-y-2">
@@ -6304,12 +6811,22 @@ supports_websockets = true`}
                       <Button
                         size="sm"
                         onClick={() => {
-                          persistPreferences(
-                            selectedAgent.agent_type,
-                            selectedDraft.enabled,
-                            selectedDraft.envText,
-                            selectedDraft.configText
-                          )
+                          if (selectedMissingModelProvider) {
+                            toast.error(t("toasts.modelProviderRequired"))
+                            return
+                          }
+                          Promise.all([
+                            persistEnv(
+                              selectedAgent.agent_type,
+                              selectedDraft.enabled,
+                              selectedDraft.envText,
+                              selectedDraft.modelProviderId
+                            ),
+                            persistConfig(
+                              selectedAgent.agent_type,
+                              selectedDraft.configText
+                            ),
+                          ])
                             .then(() => {
                               toast.success(t("toasts.configSaved"), {
                                 description: t("toasts.configSavedHint"),
@@ -6330,9 +6847,9 @@ supports_websockets = true`}
                               )
                             })
                         }}
-                        disabled={selectedIsSaving}
+                        disabled={selectedIsSavingEnv || selectedIsSavingConfig}
                       >
-                        {selectedIsSaving ? (
+                        {selectedIsSavingEnv || selectedIsSavingConfig ? (
                           <>
                             <Loader2 className="h-3.5 w-3.5 animate-spin" />
                             {t("actions.saving")}
diff --git a/src/i18n/messages/ar.json b/src/i18n/messages/ar.json
index 3517d08..3501a67 100644
--- a/src/i18n/messages/ar.json
+++ b/src/i18n/messages/ar.json
@@ -565,7 +565,18 @@
       "gatewayTokenHint": "يُفضّل استخدام token-file بدل الرمز النصي متى أمكن؛ قم بالإعداد عبر openclaw CLI.",
       "sessionKeyHint": "اختياري. حدّد مفتاح جلسة gateway؛ واتركه فارغًا للتعيين التلقائي لجلسة معزولة."
     },
+    "authModeOfficialSubscription": "الاشتراك الرسمي",
+    "authModeCustomEndpoint": "نقطة نهاية مخصصة",
+    "authModeCustomEndpointHint": "تكوين عنوان API ومفتاح API يدوياً لنقطة نهاية مخصصة.",
+    "authModeModelProvider": "مزود النموذج",
+    "modelProvider": "مزود النموذج",
+    "modelProviderHint": "استخدم عنوان API ومفتاح API من مزود نموذج مُعدّ.",
+    "selectModelProvider": "اختر مزود النموذج",
+    "noModelProviderAvailable": "لا يوجد مزود نموذج مُعدّ لهذا الوكيل. انتقل إلى إعدادات مزود النموذج لإضافة واحد.",
     "claude": {
+      "authMode": "وضع المصادقة",
+      "officialSubscription": "الاشتراك الرسمي",
+      "officialSubscriptionHint": "استخدم اشتراك Anthropic الرسمي، لا حاجة لمفتاح API.",
       "mainModel": "النموذج الرئيسي",
       "reasoningModel": "نموذج الاستدلال (thinking)",
       "haikuDefaultModel": "نموذج Haiku الافتراضي",
@@ -624,7 +635,8 @@
       "configSavedHint": "يجب إعادة فتح الجلسات الحالية لتطبيق التغييرات",
       "saveConfigManagementFailed": "فشل حفظ إدارة الإعدادات",
       "clineSaved": "تم حفظ تكوين Cline",
-      "saveClineFailed": "فشل في حفظ تكوين Cline"
+      "saveClineFailed": "فشل في حفظ تكوين Cline",
+      "modelProviderRequired": "يرجى اختيار مزود نموذج قبل الحفظ."
     },
     "version": {
       "statusLabel": "حالة الإصدار",
diff --git a/src/i18n/messages/de.json b/src/i18n/messages/de.json
index a502ac7..2545bd9 100644
--- a/src/i18n/messages/de.json
+++ b/src/i18n/messages/de.json
@@ -565,7 +565,18 @@
       "gatewayTokenHint": "Wenn möglich token-file statt Klartext-Token verwenden; über openclaw CLI konfigurieren.",
       "sessionKeyHint": "Optional. Gateway-Session-Key angeben; leer lassen für automatische Zuweisung einer isolierten Session."
     },
+    "authModeOfficialSubscription": "Offizielles Abonnement",
+    "authModeCustomEndpoint": "Benutzerdefinierter Endpunkt",
+    "authModeCustomEndpointHint": "API-URL und API-Key manuell für einen benutzerdefinierten Endpunkt konfigurieren.",
+    "authModeModelProvider": "Modellanbieter",
+    "modelProvider": "Modellanbieter",
+    "modelProviderHint": "API-URL und API-Key eines konfigurierten Modellanbieters verwenden.",
+    "selectModelProvider": "Modellanbieter auswählen",
+    "noModelProviderAvailable": "Kein Modellanbieter für diesen Agent konfiguriert. Gehen Sie zu den Modellanbieter-Einstellungen, um einen hinzuzufügen.",
     "claude": {
+      "authMode": "Authentifizierungsmodus",
+      "officialSubscription": "Offizielles Abonnement",
+      "officialSubscriptionHint": "Offizielles Anthropic-Abonnement verwenden, kein API-Key erforderlich.",
       "mainModel": "Hauptmodell",
       "reasoningModel": "Reasoning-Modell (thinking)",
       "haikuDefaultModel": "Standard-Haiku-Modell",
@@ -624,7 +635,8 @@
       "configSavedHint": "Bestehende Sitzungen müssen neu geöffnet werden, damit die Änderungen wirksam werden",
       "saveConfigManagementFailed": "Speichern der Konfigurationsverwaltung fehlgeschlagen",
       "clineSaved": "Cline-Konfiguration gespeichert",
-      "saveClineFailed": "Cline-Konfiguration konnte nicht gespeichert werden"
+      "saveClineFailed": "Cline-Konfiguration konnte nicht gespeichert werden",
+      "modelProviderRequired": "Bitte wählen Sie vor dem Speichern einen Modellanbieter aus."
     },
     "version": {
       "statusLabel": "Versionsstatus",
diff --git a/src/i18n/messages/en.json b/src/i18n/messages/en.json
index df41fa4..0e869f4 100644
--- a/src/i18n/messages/en.json
+++ b/src/i18n/messages/en.json
@@ -565,7 +565,18 @@
       "gatewayTokenHint": "Use token-file instead of plain token when possible; configure via openclaw CLI.",
       "sessionKeyHint": "Optional. Specify gateway session key; leave empty to auto-assign isolated session."
     },
+    "authModeOfficialSubscription": "Official Subscription",
+    "authModeCustomEndpoint": "Custom Endpoint",
+    "authModeCustomEndpointHint": "Manually configure API URL and API Key for a custom endpoint.",
+    "authModeModelProvider": "Model Provider",
+    "modelProvider": "Model Provider",
+    "modelProviderHint": "Use API URL and API Key from a configured model provider.",
+    "selectModelProvider": "Select Model Provider",
+    "noModelProviderAvailable": "No model provider configured for this agent. Go to Model Provider Settings to add one.",
     "claude": {
+      "authMode": "Auth Mode",
+      "officialSubscription": "Official Subscription",
+      "officialSubscriptionHint": "Use official Anthropic subscription, no API Key required.",
       "mainModel": "Main Model",
       "reasoningModel": "Reasoning Model (thinking)",
       "haikuDefaultModel": "Default Haiku Model",
@@ -624,7 +635,8 @@
       "configSavedHint": "Existing sessions need to be reopened to take effect",
       "saveConfigManagementFailed": "Failed to save config management",
       "clineSaved": "Cline config saved",
-      "saveClineFailed": "Failed to save Cline config"
+      "saveClineFailed": "Failed to save Cline config",
+      "modelProviderRequired": "Please select a model provider before saving."
     },
     "version": {
       "statusLabel": "Version Status",
diff --git a/src/i18n/messages/es.json b/src/i18n/messages/es.json
index 3dc7481..f5c608a 100644
--- a/src/i18n/messages/es.json
+++ b/src/i18n/messages/es.json
@@ -565,7 +565,18 @@
       "gatewayTokenHint": "Usa token-file en lugar de token en texto plano cuando sea posible; configúralo con el CLI de openclaw.",
       "sessionKeyHint": "Opcional. Especifica la session key del gateway; si se deja vacío se asigna automáticamente una sesión aislada."
     },
+    "authModeOfficialSubscription": "Suscripción oficial",
+    "authModeCustomEndpoint": "Endpoint personalizado",
+    "authModeCustomEndpointHint": "Configurar manualmente la URL de API y la clave API para un endpoint personalizado.",
+    "authModeModelProvider": "Proveedor de modelo",
+    "modelProvider": "Proveedor de modelo",
+    "modelProviderHint": "Usar la URL de API y la clave API de un proveedor de modelo configurado.",
+    "selectModelProvider": "Seleccionar proveedor de modelo",
+    "noModelProviderAvailable": "No hay proveedor de modelo configurado para este agente. Vaya a la configuración de proveedores de modelo para agregar uno.",
     "claude": {
+      "authMode": "Modo de autenticación",
+      "officialSubscription": "Suscripción oficial",
+      "officialSubscriptionHint": "Usar la suscripción oficial de Anthropic, no se requiere API Key.",
       "mainModel": "Modelo principal",
       "reasoningModel": "Modelo de razonamiento (thinking)",
       "haikuDefaultModel": "Modelo Haiku predeterminado",
@@ -624,7 +635,8 @@
       "configSavedHint": "Las sesiones existentes deben reabrirse para que surta efecto",
       "saveConfigManagementFailed": "No se pudo guardar la gestión de configuración",
       "clineSaved": "Configuración de Cline guardada",
-      "saveClineFailed": "Error al guardar la configuración de Cline"
+      "saveClineFailed": "Error al guardar la configuración de Cline",
+      "modelProviderRequired": "Seleccione un proveedor de modelo antes de guardar."
     },
     "version": {
       "statusLabel": "Estado de versión",
diff --git a/src/i18n/messages/fr.json b/src/i18n/messages/fr.json
index 2dcf116..427a413 100644
--- a/src/i18n/messages/fr.json
+++ b/src/i18n/messages/fr.json
@@ -565,7 +565,18 @@
       "gatewayTokenHint": "Utilisez token-file plutôt qu’un token en clair si possible ; configurez-le via le CLI openclaw.",
       "sessionKeyHint": "Optionnel. Spécifie la session key de la gateway ; laisser vide pour auto-attribuer une session isolée."
     },
+    "authModeOfficialSubscription": "Abonnement officiel",
+    "authModeCustomEndpoint": "Endpoint personnalisé",
+    "authModeCustomEndpointHint": "Configurer manuellement l'URL API et la clé API pour un endpoint personnalisé.",
+    "authModeModelProvider": "Fournisseur de modèle",
+    "modelProvider": "Fournisseur de modèle",
+    "modelProviderHint": "Utiliser l'URL API et la clé API d'un fournisseur de modèle configuré.",
+    "selectModelProvider": "Sélectionner un fournisseur de modèle",
+    "noModelProviderAvailable": "Aucun fournisseur de modèle configuré pour cet agent. Allez dans les paramètres des fournisseurs de modèle pour en ajouter un.",
     "claude": {
+      "authMode": "Mode d'authentification",
+      "officialSubscription": "Abonnement officiel",
+      "officialSubscriptionHint": "Utiliser l'abonnement officiel Anthropic, pas de clé API requise.",
       "mainModel": "Modèle principal",
       "reasoningModel": "Modèle de raisonnement (thinking)",
       "haikuDefaultModel": "Modèle Haiku par défaut",
@@ -624,7 +635,8 @@
       "configSavedHint": "Les sessions existantes doivent être rouvertes pour prendre effet",
       "saveConfigManagementFailed": "Échec de l’enregistrement de la gestion de configuration",
       "clineSaved": "Configuration Cline enregistrée",
-      "saveClineFailed": "Échec de l'enregistrement de la configuration Cline"
+      "saveClineFailed": "Échec de l'enregistrement de la configuration Cline",
+      "modelProviderRequired": "Veuillez sélectionner un fournisseur de modèle avant d'enregistrer."
     },
     "version": {
       "statusLabel": "Statut de version",
diff --git a/src/i18n/messages/ja.json b/src/i18n/messages/ja.json
index aa2cf63..0a866f2 100644
--- a/src/i18n/messages/ja.json
+++ b/src/i18n/messages/ja.json
@@ -565,7 +565,18 @@
       "gatewayTokenHint": "可能な場合は平文トークンではなく token-file の使用を推奨します。openclaw CLI で設定してください。",
       "sessionKeyHint": "任意。gateway の session key を指定します。空欄の場合は分離されたセッションが自動割り当てされます。"
     },
+    "authModeOfficialSubscription": "公式サブスクリプション",
+    "authModeCustomEndpoint": "カスタムエンドポイント",
+    "authModeCustomEndpointHint": "API URL と API Key を手動で設定してカスタムエンドポイントに接続します。",
+    "authModeModelProvider": "モデルプロバイダー",
+    "modelProvider": "モデルプロバイダー",
+    "modelProviderHint": "設定済みモデルプロバイダーの API URL と API Key を使用します。",
+    "selectModelProvider": "モデルプロバイダーを選択",
+    "noModelProviderAvailable": "このエージェントにはモデルプロバイダーが設定されていません。モデルプロバイダー設定で追加してください。",
     "claude": {
+      "authMode": "認証方式",
+      "officialSubscription": "公式サブスクリプション",
+      "officialSubscriptionHint": "Anthropic 公式サブスクリプションを使用、API Key 不要。",
       "mainModel": "メインモデル",
       "reasoningModel": "推論モデル（thinking）",
       "haikuDefaultModel": "デフォルト Haiku モデル",
@@ -624,7 +635,8 @@
       "configSavedHint": "既存のセッションは再度開く必要があります",
       "saveConfigManagementFailed": "設定管理の保存に失敗しました",
       "clineSaved": "Cline設定を保存しました",
-      "saveClineFailed": "Cline設定の保存に失敗しました"
+      "saveClineFailed": "Cline設定の保存に失敗しました",
+      "modelProviderRequired": "保存する前にモデルプロバイダーを選択してください。"
     },
     "version": {
       "statusLabel": "バージョン状態",
diff --git a/src/i18n/messages/ko.json b/src/i18n/messages/ko.json
index 71b7d7f..ec53272 100644
--- a/src/i18n/messages/ko.json
+++ b/src/i18n/messages/ko.json
@@ -565,7 +565,18 @@
       "gatewayTokenHint": "가능하면 평문 토큰 대신 token-file을 사용하세요. openclaw CLI로 설정하세요.",
       "sessionKeyHint": "선택 사항입니다. gateway 세션 키를 지정합니다. 비워두면 격리된 세션이 자동 할당됩니다."
     },
+    "authModeOfficialSubscription": "공식 구독",
+    "authModeCustomEndpoint": "사용자 정의 엔드포인트",
+    "authModeCustomEndpointHint": "API URL과 API Key를 수동으로 구성하여 사용자 정의 엔드포인트에 연결합니다.",
+    "authModeModelProvider": "모델 공급자",
+    "modelProvider": "모델 공급자",
+    "modelProviderHint": "구성된 모델 공급자의 API URL 및 API Key를 사용합니다.",
+    "selectModelProvider": "모델 공급자 선택",
+    "noModelProviderAvailable": "이 에이전트에 구성된 모델 공급자가 없습니다. 모델 공급자 설정에서 추가하세요.",
     "claude": {
+      "authMode": "인증 방식",
+      "officialSubscription": "공식 구독",
+      "officialSubscriptionHint": "Anthropic 공식 구독 사용, API Key 불필요.",
       "mainModel": "메인 모델",
       "reasoningModel": "추론 모델 (thinking)",
       "haikuDefaultModel": "기본 Haiku 모델",
@@ -624,7 +635,8 @@
       "configSavedHint": "기존 세션은 다시 열어야 적용됩니다",
       "saveConfigManagementFailed": "구성 관리 저장 실패",
       "clineSaved": "Cline 설정 저장됨",
-      "saveClineFailed": "Cline 설정 저장 실패"
+      "saveClineFailed": "Cline 설정 저장 실패",
+      "modelProviderRequired": "저장하기 전에 모델 공급자를 선택하세요."
     },
     "version": {
       "statusLabel": "버전 상태",
diff --git a/src/i18n/messages/pt.json b/src/i18n/messages/pt.json
index c0f784d..ee6186b 100644
--- a/src/i18n/messages/pt.json
+++ b/src/i18n/messages/pt.json
@@ -565,7 +565,18 @@
       "gatewayTokenHint": "Use token-file em vez de token em texto puro quando possível; configure via CLI do openclaw.",
       "sessionKeyHint": "Opcional. Especifique a session key do gateway; deixe vazio para atribuição automática de sessão isolada."
     },
+    "authModeOfficialSubscription": "Assinatura oficial",
+    "authModeCustomEndpoint": "Endpoint personalizado",
+    "authModeCustomEndpointHint": "Configurar manualmente a URL da API e a chave API para um endpoint personalizado.",
+    "authModeModelProvider": "Provedor de modelo",
+    "modelProvider": "Provedor de modelo",
+    "modelProviderHint": "Usar URL da API e chave API de um provedor de modelo configurado.",
+    "selectModelProvider": "Selecionar provedor de modelo",
+    "noModelProviderAvailable": "Nenhum provedor de modelo configurado para este agente. Vá para as configurações de provedores de modelo para adicionar um.",
     "claude": {
+      "authMode": "Modo de autenticação",
+      "officialSubscription": "Assinatura oficial",
+      "officialSubscriptionHint": "Usar assinatura oficial da Anthropic, sem necessidade de API Key.",
       "mainModel": "Modelo principal",
       "reasoningModel": "Modelo de raciocínio (thinking)",
       "haikuDefaultModel": "Modelo Haiku padrão",
@@ -624,7 +635,8 @@
       "configSavedHint": "Sessões existentes precisam ser reabertas para que as alterações tenham efeito",
       "saveConfigManagementFailed": "Falha ao salvar o gerenciamento de configuração",
       "clineSaved": "Configuração do Cline salva",
-      "saveClineFailed": "Falha ao salvar a configuração do Cline"
+      "saveClineFailed": "Falha ao salvar a configuração do Cline",
+      "modelProviderRequired": "Selecione um provedor de modelo antes de salvar."
     },
     "version": {
       "statusLabel": "Status da versão",
diff --git a/src/i18n/messages/zh-CN.json b/src/i18n/messages/zh-CN.json
index eb02ebd..144352a 100644
--- a/src/i18n/messages/zh-CN.json
+++ b/src/i18n/messages/zh-CN.json
@@ -565,7 +565,18 @@
       "gatewayTokenHint": "建议使用 token-file 替代明文 Token，可通过 openclaw 命令行配置。",
       "sessionKeyHint": "可选。指定 Gateway Session Key，留空则自动分配隔离会话。"
     },
+    "authModeOfficialSubscription": "官网订阅",
+    "authModeCustomEndpoint": "自定义接口",
+    "authModeCustomEndpointHint": "手动配置 API URL 和 API Key 连接自定义接口。",
+    "authModeModelProvider": "模型供应商",
+    "modelProvider": "模型供应商",
+    "modelProviderHint": "使用已配置的模型供应商的 API URL 和 API Key。",
+    "selectModelProvider": "选择模型供应商",
+    "noModelProviderAvailable": "该代理未配置模型供应商。请前往模型供应商设置添加。",
     "claude": {
+      "authMode": "认证方式",
+      "officialSubscription": "官方订阅",
+      "officialSubscriptionHint": "使用 Anthropic 官方订阅，无需 API Key。",
       "mainModel": "主模型",
       "reasoningModel": "推理模型（thinking）",
       "haikuDefaultModel": "Haiku 默认模型",
@@ -624,7 +635,8 @@
       "configSavedHint": "已有会话需要重新打开才能生效",
       "saveConfigManagementFailed": "保存配置管理失败",
       "clineSaved": "Cline 配置已保存",
-      "saveClineFailed": "保存 Cline 配置失败"
+      "saveClineFailed": "保存 Cline 配置失败",
+      "modelProviderRequired": "请先选择一个模型供应商再保存。"
     },
     "version": {
       "statusLabel": "版本状态",
diff --git a/src/i18n/messages/zh-TW.json b/src/i18n/messages/zh-TW.json
index 3953166..a5b7808 100644
--- a/src/i18n/messages/zh-TW.json
+++ b/src/i18n/messages/zh-TW.json
@@ -565,7 +565,18 @@
       "gatewayTokenHint": "建議使用 token-file 取代明文 Token，可透過 openclaw 命令列配置。",
       "sessionKeyHint": "可選。指定 Gateway Session Key，留空則自動分配隔離會話。"
     },
+    "authModeOfficialSubscription": "官網訂閱",
+    "authModeCustomEndpoint": "自定義介面",
+    "authModeCustomEndpointHint": "手動配置 API URL 和 API Key 連接自定義介面。",
+    "authModeModelProvider": "模型供應商",
+    "modelProvider": "模型供應商",
+    "modelProviderHint": "使用已配置的模型供應商的 API URL 和 API Key。",
+    "selectModelProvider": "選擇模型供應商",
+    "noModelProviderAvailable": "該代理未配置模型供應商。請前往模型供應商設定添加。",
     "claude": {
+      "authMode": "認證方式",
+      "officialSubscription": "官方訂閱",
+      "officialSubscriptionHint": "使用 Anthropic 官方訂閱，無需 API Key。",
       "mainModel": "主模型",
       "reasoningModel": "推理模型（thinking）",
       "haikuDefaultModel": "Haiku 預設模型",
@@ -624,7 +635,8 @@
       "configSavedHint": "已有會話需要重新打開才能生效",
       "saveConfigManagementFailed": "儲存配置管理失敗",
       "clineSaved": "Cline 配置已儲存",
-      "saveClineFailed": "儲存 Cline 配置失敗"
+      "saveClineFailed": "儲存 Cline 配置失敗",
+      "modelProviderRequired": "請先選擇一個模型供應商再儲存。"
     },
     "version": {
       "statusLabel": "版本狀態",
diff --git a/src/lib/api.ts b/src/lib/api.ts
index 5683d3b..65861ea 100644
--- a/src/lib/api.ts
+++ b/src/lib/api.ts
@@ -228,6 +228,40 @@ export async function acpUpdateAgentPreferences(
   })
 }
 
+export async function acpUpdateAgentEnv(
+  agentType: AgentType,
+  params: {
+    enabled: boolean
+    env: Record<string, string>
+    modelProviderId?: number | null
+  }
+): Promise<void> {
+  return getTransport().call("acp_update_agent_env", {
+    agentType,
+    enabled: params.enabled,
+    env: params.env,
+    modelProviderId: params.modelProviderId ?? null,
+  })
+}
+
+export async function acpUpdateAgentConfig(
+  agentType: AgentType,
+  params: {
+    config_json?: string | null
+    opencode_auth_json?: string | null
+    codex_auth_json?: string | null
+    codex_config_toml?: string | null
+  }
+): Promise<void> {
+  return getTransport().call("acp_update_agent_config", {
+    agentType,
+    configJson: params.config_json ?? null,
+    opencodeAuthJson: params.opencode_auth_json ?? null,
+    codexAuthJson: params.codex_auth_json ?? null,
+    codexConfigToml: params.codex_config_toml ?? null,
+  })
+}
+
 export async function acpReorderAgents(agentTypes: AgentType[]): Promise<void> {
   return getTransport().call("acp_reorder_agents", { agentTypes })
 }
diff --git a/src/lib/types.ts b/src/lib/types.ts
index c42fcce..9fbf02b 100644
--- a/src/lib/types.ts
+++ b/src/lib/types.ts
@@ -475,6 +475,7 @@ export interface AcpAgentInfo {
   codex_auth_json: string | null
   codex_config_toml: string | null
   cline_secrets_json: string | null
+  model_provider_id: number | null
 }
 
 // Lightweight agent status returned by acp_get_agent_status
@@ -902,6 +903,7 @@ export interface ModelProviderInfo {
   id: number
   name: string
   api_url: string
+  api_key: string
   api_key_masked: string
   agent_types: AgentType[]
   created_at: string