warn_on_split_credential_source

Log when a provider's key and endpoint resolve from different env tiers.

The DEEPAGENTS_CODE_ prefix is a per-variable override, not a credential bundle: setting DEEPAGENTS_CODE_OPENAI_API_KEY while leaving the endpoint to a plain OPENAI_BASE_URL makes the key resolve from the prefixed tier and the endpoint from the unprefixed one. A key and its endpoint are a coherent pair (see PROVIDER_BASE_URL_ENV), so a split source is a likely misconfiguration -- e.g. a provider-native key shipped to a gateway URL, or vice versa.

This is purely diagnostic: it never mutates os.environ or changes resolution. Only the env var names are logged, never the secret value or the URL. It is emitted at DEBUG because the deepagents_code package logger only attaches a handler when DEEPAGENTS_CODE_DEBUG is set, and DEBUG stays below logging.lastResort's WARNING stderr threshold so it cannot bleed onto stderr and corrupt the Textual TUI. The DEEPAGENTS_CODE_DEBUG file log is where someone chasing a wrong-endpoint bug will look.

A config.toml base_url literal wins over env vars in get_base_url, so when one is set there is no env-tier split to flag and this returns early.