refactor: annotate secret target registries

extensions/bluebubbles/src/secret-contract.ts

@@ -5,30 +5,31 @@ import {
   type SecretDefaults,
 } from "openclaw/plugin-sdk/channel-secret-basic-runtime";
 
-export const secretTargetRegistryEntries = [
-  {
-    id: "channels.bluebubbles.accounts.*.password",
-    targetType: "channels.bluebubbles.accounts.*.password",
-    configFile: "openclaw.json",
-    pathPattern: "channels.bluebubbles.accounts.*.password",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.bluebubbles.password",
-    targetType: "channels.bluebubbles.password",
-    configFile: "openclaw.json",
-    pathPattern: "channels.bluebubbles.password",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-] satisfies import("openclaw/plugin-sdk/channel-secret-basic-runtime").SecretTargetRegistryEntry[];
+export const secretTargetRegistryEntries: import("openclaw/plugin-sdk/channel-secret-basic-runtime").SecretTargetRegistryEntry[] =
+  [
+    {
+      id: "channels.bluebubbles.accounts.*.password",
+      targetType: "channels.bluebubbles.accounts.*.password",
+      configFile: "openclaw.json",
+      pathPattern: "channels.bluebubbles.accounts.*.password",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.bluebubbles.password",
+      targetType: "channels.bluebubbles.password",
+      configFile: "openclaw.json",
+      pathPattern: "channels.bluebubbles.password",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+  ];
 
 export function collectRuntimeConfigAssignments(params: {
   config: { channels?: Record<string, unknown> };

extensions/googlechat/src/secret-contract.ts

@@ -16,34 +16,35 @@ type GoogleChatAccountLike = {
   accounts?: Record<string, unknown>;
 };
 
-export const secretTargetRegistryEntries = [
-  {
-    id: "channels.googlechat.accounts.*.serviceAccount",
-    targetType: "channels.googlechat.serviceAccount",
-    targetTypeAliases: ["channels.googlechat.accounts.*.serviceAccount"],
-    configFile: "openclaw.json",
-    pathPattern: "channels.googlechat.accounts.*.serviceAccount",
-    refPathPattern: "channels.googlechat.accounts.*.serviceAccountRef",
-    secretShape: "sibling_ref",
-    expectedResolvedValue: "string-or-object",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-    accountIdPathSegmentIndex: 3,
-  },
-  {
-    id: "channels.googlechat.serviceAccount",
-    targetType: "channels.googlechat.serviceAccount",
-    configFile: "openclaw.json",
-    pathPattern: "channels.googlechat.serviceAccount",
-    refPathPattern: "channels.googlechat.serviceAccountRef",
-    secretShape: "sibling_ref",
-    expectedResolvedValue: "string-or-object",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-] satisfies import("openclaw/plugin-sdk/channel-secret-basic-runtime").SecretTargetRegistryEntry[];
+export const secretTargetRegistryEntries: import("openclaw/plugin-sdk/channel-secret-basic-runtime").SecretTargetRegistryEntry[] =
+  [
+    {
+      id: "channels.googlechat.accounts.*.serviceAccount",
+      targetType: "channels.googlechat.serviceAccount",
+      targetTypeAliases: ["channels.googlechat.accounts.*.serviceAccount"],
+      configFile: "openclaw.json",
+      pathPattern: "channels.googlechat.accounts.*.serviceAccount",
+      refPathPattern: "channels.googlechat.accounts.*.serviceAccountRef",
+      secretShape: "sibling_ref",
+      expectedResolvedValue: "string-or-object",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+      accountIdPathSegmentIndex: 3,
+    },
+    {
+      id: "channels.googlechat.serviceAccount",
+      targetType: "channels.googlechat.serviceAccount",
+      configFile: "openclaw.json",
+      pathPattern: "channels.googlechat.serviceAccount",
+      refPathPattern: "channels.googlechat.serviceAccountRef",
+      secretShape: "sibling_ref",
+      expectedResolvedValue: "string-or-object",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+  ];
 
 function resolveSecretInputRef(params: {
   value: unknown;

extensions/irc/src/secret-contract.ts

@@ -9,52 +9,53 @@ import {
   type SecretDefaults,
 } from "openclaw/plugin-sdk/channel-secret-basic-runtime";
 
-export const secretTargetRegistryEntries = [
-  {
-    id: "channels.irc.accounts.*.nickserv.password",
-    targetType: "channels.irc.accounts.*.nickserv.password",
-    configFile: "openclaw.json",
-    pathPattern: "channels.irc.accounts.*.nickserv.password",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.irc.accounts.*.password",
-    targetType: "channels.irc.accounts.*.password",
-    configFile: "openclaw.json",
-    pathPattern: "channels.irc.accounts.*.password",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.irc.nickserv.password",
-    targetType: "channels.irc.nickserv.password",
-    configFile: "openclaw.json",
-    pathPattern: "channels.irc.nickserv.password",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.irc.password",
-    targetType: "channels.irc.password",
-    configFile: "openclaw.json",
-    pathPattern: "channels.irc.password",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-] satisfies import("openclaw/plugin-sdk/channel-secret-basic-runtime").SecretTargetRegistryEntry[];
+export const secretTargetRegistryEntries: import("openclaw/plugin-sdk/channel-secret-basic-runtime").SecretTargetRegistryEntry[] =
+  [
+    {
+      id: "channels.irc.accounts.*.nickserv.password",
+      targetType: "channels.irc.accounts.*.nickserv.password",
+      configFile: "openclaw.json",
+      pathPattern: "channels.irc.accounts.*.nickserv.password",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.irc.accounts.*.password",
+      targetType: "channels.irc.accounts.*.password",
+      configFile: "openclaw.json",
+      pathPattern: "channels.irc.accounts.*.password",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.irc.nickserv.password",
+      targetType: "channels.irc.nickserv.password",
+      configFile: "openclaw.json",
+      pathPattern: "channels.irc.nickserv.password",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.irc.password",
+      targetType: "channels.irc.password",
+      configFile: "openclaw.json",
+      pathPattern: "channels.irc.password",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+  ];
 
 export function collectRuntimeConfigAssignments(params: {
   config: { channels?: Record<string, unknown> };

extensions/matrix/src/secret-contract.ts

@@ -10,52 +10,53 @@ import {
 } from "openclaw/plugin-sdk/channel-secret-basic-runtime";
 import { getMatrixScopedEnvVarNames } from "./env-vars.js";
 
-export const secretTargetRegistryEntries = [
-  {
-    id: "channels.matrix.accounts.*.accessToken",
-    targetType: "channels.matrix.accounts.*.accessToken",
-    configFile: "openclaw.json",
-    pathPattern: "channels.matrix.accounts.*.accessToken",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.matrix.accounts.*.password",
-    targetType: "channels.matrix.accounts.*.password",
-    configFile: "openclaw.json",
-    pathPattern: "channels.matrix.accounts.*.password",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.matrix.accessToken",
-    targetType: "channels.matrix.accessToken",
-    configFile: "openclaw.json",
-    pathPattern: "channels.matrix.accessToken",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.matrix.password",
-    targetType: "channels.matrix.password",
-    configFile: "openclaw.json",
-    pathPattern: "channels.matrix.password",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-] satisfies import("openclaw/plugin-sdk/channel-secret-basic-runtime").SecretTargetRegistryEntry[];
+export const secretTargetRegistryEntries: import("openclaw/plugin-sdk/channel-secret-basic-runtime").SecretTargetRegistryEntry[] =
+  [
+    {
+      id: "channels.matrix.accounts.*.accessToken",
+      targetType: "channels.matrix.accounts.*.accessToken",
+      configFile: "openclaw.json",
+      pathPattern: "channels.matrix.accounts.*.accessToken",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.matrix.accounts.*.password",
+      targetType: "channels.matrix.accounts.*.password",
+      configFile: "openclaw.json",
+      pathPattern: "channels.matrix.accounts.*.password",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.matrix.accessToken",
+      targetType: "channels.matrix.accessToken",
+      configFile: "openclaw.json",
+      pathPattern: "channels.matrix.accessToken",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.matrix.password",
+      targetType: "channels.matrix.password",
+      configFile: "openclaw.json",
+      pathPattern: "channels.matrix.password",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+  ];
 
 export function collectRuntimeConfigAssignments(params: {
   config: { channels?: Record<string, unknown> };

extensions/msteams/src/secret-contract.ts

@@ -5,19 +5,20 @@ import {
   type SecretDefaults,
 } from "openclaw/plugin-sdk/channel-secret-basic-runtime";
 
-export const secretTargetRegistryEntries = [
-  {
-    id: "channels.msteams.appPassword",
-    targetType: "channels.msteams.appPassword",
-    configFile: "openclaw.json",
-    pathPattern: "channels.msteams.appPassword",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-] satisfies import("openclaw/plugin-sdk/channel-secret-basic-runtime").SecretTargetRegistryEntry[];
+export const secretTargetRegistryEntries: import("openclaw/plugin-sdk/channel-secret-basic-runtime").SecretTargetRegistryEntry[] =
+  [
+    {
+      id: "channels.msteams.appPassword",
+      targetType: "channels.msteams.appPassword",
+      configFile: "openclaw.json",
+      pathPattern: "channels.msteams.appPassword",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+  ];
 
 export function collectRuntimeConfigAssignments(params: {
   config: { channels?: Record<string, unknown> };

extensions/nextcloud-talk/src/secret-contract.ts

@@ -7,52 +7,53 @@ import {
   type SecretDefaults,
 } from "openclaw/plugin-sdk/channel-secret-basic-runtime";
 
-export const secretTargetRegistryEntries = [
-  {
-    id: "channels.nextcloud-talk.accounts.*.apiPassword",
-    targetType: "channels.nextcloud-talk.accounts.*.apiPassword",
-    configFile: "openclaw.json",
-    pathPattern: "channels.nextcloud-talk.accounts.*.apiPassword",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.nextcloud-talk.accounts.*.botSecret",
-    targetType: "channels.nextcloud-talk.accounts.*.botSecret",
-    configFile: "openclaw.json",
-    pathPattern: "channels.nextcloud-talk.accounts.*.botSecret",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.nextcloud-talk.apiPassword",
-    targetType: "channels.nextcloud-talk.apiPassword",
-    configFile: "openclaw.json",
-    pathPattern: "channels.nextcloud-talk.apiPassword",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.nextcloud-talk.botSecret",
-    targetType: "channels.nextcloud-talk.botSecret",
-    configFile: "openclaw.json",
-    pathPattern: "channels.nextcloud-talk.botSecret",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-] satisfies import("openclaw/plugin-sdk/channel-secret-basic-runtime").SecretTargetRegistryEntry[];
+export const secretTargetRegistryEntries: import("openclaw/plugin-sdk/channel-secret-basic-runtime").SecretTargetRegistryEntry[] =
+  [
+    {
+      id: "channels.nextcloud-talk.accounts.*.apiPassword",
+      targetType: "channels.nextcloud-talk.accounts.*.apiPassword",
+      configFile: "openclaw.json",
+      pathPattern: "channels.nextcloud-talk.accounts.*.apiPassword",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.nextcloud-talk.accounts.*.botSecret",
+      targetType: "channels.nextcloud-talk.accounts.*.botSecret",
+      configFile: "openclaw.json",
+      pathPattern: "channels.nextcloud-talk.accounts.*.botSecret",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.nextcloud-talk.apiPassword",
+      targetType: "channels.nextcloud-talk.apiPassword",
+      configFile: "openclaw.json",
+      pathPattern: "channels.nextcloud-talk.apiPassword",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.nextcloud-talk.botSecret",
+      targetType: "channels.nextcloud-talk.botSecret",
+      configFile: "openclaw.json",
+      pathPattern: "channels.nextcloud-talk.botSecret",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+  ];
 
 export function collectRuntimeConfigAssignments(params: {
   config: { channels?: Record<string, unknown> };

extensions/slack/src/secret-contract.ts

@@ -7,96 +7,97 @@ import {
   type SecretDefaults,
 } from "openclaw/plugin-sdk/channel-secret-basic-runtime";
 
-export const secretTargetRegistryEntries = [
-  {
-    id: "channels.slack.accounts.*.appToken",
-    targetType: "channels.slack.accounts.*.appToken",
-    configFile: "openclaw.json",
-    pathPattern: "channels.slack.accounts.*.appToken",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.slack.accounts.*.botToken",
-    targetType: "channels.slack.accounts.*.botToken",
-    configFile: "openclaw.json",
-    pathPattern: "channels.slack.accounts.*.botToken",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.slack.accounts.*.signingSecret",
-    targetType: "channels.slack.accounts.*.signingSecret",
-    configFile: "openclaw.json",
-    pathPattern: "channels.slack.accounts.*.signingSecret",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.slack.accounts.*.userToken",
-    targetType: "channels.slack.accounts.*.userToken",
-    configFile: "openclaw.json",
-    pathPattern: "channels.slack.accounts.*.userToken",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.slack.appToken",
-    targetType: "channels.slack.appToken",
-    configFile: "openclaw.json",
-    pathPattern: "channels.slack.appToken",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.slack.botToken",
-    targetType: "channels.slack.botToken",
-    configFile: "openclaw.json",
-    pathPattern: "channels.slack.botToken",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.slack.signingSecret",
-    targetType: "channels.slack.signingSecret",
-    configFile: "openclaw.json",
-    pathPattern: "channels.slack.signingSecret",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.slack.userToken",
-    targetType: "channels.slack.userToken",
-    configFile: "openclaw.json",
-    pathPattern: "channels.slack.userToken",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-] satisfies import("openclaw/plugin-sdk/channel-secret-basic-runtime").SecretTargetRegistryEntry[];
+export const secretTargetRegistryEntries: import("openclaw/plugin-sdk/channel-secret-basic-runtime").SecretTargetRegistryEntry[] =
+  [
+    {
+      id: "channels.slack.accounts.*.appToken",
+      targetType: "channels.slack.accounts.*.appToken",
+      configFile: "openclaw.json",
+      pathPattern: "channels.slack.accounts.*.appToken",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.slack.accounts.*.botToken",
+      targetType: "channels.slack.accounts.*.botToken",
+      configFile: "openclaw.json",
+      pathPattern: "channels.slack.accounts.*.botToken",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.slack.accounts.*.signingSecret",
+      targetType: "channels.slack.accounts.*.signingSecret",
+      configFile: "openclaw.json",
+      pathPattern: "channels.slack.accounts.*.signingSecret",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.slack.accounts.*.userToken",
+      targetType: "channels.slack.accounts.*.userToken",
+      configFile: "openclaw.json",
+      pathPattern: "channels.slack.accounts.*.userToken",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.slack.appToken",
+      targetType: "channels.slack.appToken",
+      configFile: "openclaw.json",
+      pathPattern: "channels.slack.appToken",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.slack.botToken",
+      targetType: "channels.slack.botToken",
+      configFile: "openclaw.json",
+      pathPattern: "channels.slack.botToken",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.slack.signingSecret",
+      targetType: "channels.slack.signingSecret",
+      configFile: "openclaw.json",
+      pathPattern: "channels.slack.signingSecret",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.slack.userToken",
+      targetType: "channels.slack.userToken",
+      configFile: "openclaw.json",
+      pathPattern: "channels.slack.userToken",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+  ];
 
 export function collectRuntimeConfigAssignments(params: {
   config: { channels?: Record<string, unknown> };

extensions/telegram/src/secret-contract.ts

@@ -15,52 +15,53 @@ function normalizeOptionalString(value: unknown): string | undefined {
   return trimmed ? trimmed : undefined;
 }
 
-export const secretTargetRegistryEntries = [
-  {
-    id: "channels.telegram.accounts.*.botToken",
-    targetType: "channels.telegram.accounts.*.botToken",
-    configFile: "openclaw.json",
-    pathPattern: "channels.telegram.accounts.*.botToken",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.telegram.accounts.*.webhookSecret",
-    targetType: "channels.telegram.accounts.*.webhookSecret",
-    configFile: "openclaw.json",
-    pathPattern: "channels.telegram.accounts.*.webhookSecret",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.telegram.botToken",
-    targetType: "channels.telegram.botToken",
-    configFile: "openclaw.json",
-    pathPattern: "channels.telegram.botToken",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-  {
-    id: "channels.telegram.webhookSecret",
-    targetType: "channels.telegram.webhookSecret",
-    configFile: "openclaw.json",
-    pathPattern: "channels.telegram.webhookSecret",
-    secretShape: "secret_input",
-    expectedResolvedValue: "string",
-    includeInPlan: true,
-    includeInConfigure: true,
-    includeInAudit: true,
-  },
-] satisfies import("openclaw/plugin-sdk/channel-secret-basic-runtime").SecretTargetRegistryEntry[];
+export const secretTargetRegistryEntries: import("openclaw/plugin-sdk/channel-secret-basic-runtime").SecretTargetRegistryEntry[] =
+  [
+    {
+      id: "channels.telegram.accounts.*.botToken",
+      targetType: "channels.telegram.accounts.*.botToken",
+      configFile: "openclaw.json",
+      pathPattern: "channels.telegram.accounts.*.botToken",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.telegram.accounts.*.webhookSecret",
+      targetType: "channels.telegram.accounts.*.webhookSecret",
+      configFile: "openclaw.json",
+      pathPattern: "channels.telegram.accounts.*.webhookSecret",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.telegram.botToken",
+      targetType: "channels.telegram.botToken",
+      configFile: "openclaw.json",
+      pathPattern: "channels.telegram.botToken",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+    {
+      id: "channels.telegram.webhookSecret",
+      targetType: "channels.telegram.webhookSecret",
+      configFile: "openclaw.json",
+      pathPattern: "channels.telegram.webhookSecret",
+      secretShape: "secret_input",
+      expectedResolvedValue: "string",
+      includeInPlan: true,
+      includeInConfigure: true,
+      includeInAudit: true,
+    },
+  ];
 
 export function collectRuntimeConfigAssignments(params: {
   config: { channels?: Record<string, unknown> };