fix: compatibility gaps in the new Google Vertex ADC manifest evidence

Tighten Google Vertex ADC manifest evidence to canonical project env vars and canonical ADC fallback paths only. Local proof: - OPENCLAW_VITEST_MAX_WORKERS=1 pnpm test src/agents/model-auth.profiles.test.ts src/plugins/manifest-registry.test.ts src/secrets/provider-env-vars.dynamic.test.ts - pnpm exec oxfmt --check --threads=1 docs/plugins/manifest.md extensions/google/openclaw.plugin.json src/agents/model-auth-env.ts src/agents/model-auth.profiles.test.ts src/plugins/manifest.ts - git diff --check origin/main...HEAD CI note: checks-node-core-support-boundary was red on an unrelated tooling assertion in test/scripts/test-projects.test.ts for packages/sdk/src/index.test.ts routing; that file and scripts/test-projects.mjs are unchanged from origin/main.
2026-05-06 12:00:44 +00:00 · 2026-04-30 01:52:09 +01:00
parent 5a631e1ee9
commit 3bd6b54f0b
5 changed files with 93 additions and 13 deletions
--- a/docs/plugins/manifest.md
+++ b/docs/plugins/manifest.md
@@ -431,15 +431,15 @@ provider API probes.

 Supported evidence entries:

-| Field              | Required | Type       | What it means                                                                                 |
-| ------------------ | -------- | ---------- | --------------------------------------------------------------------------------------------- |
-| `type`             | Yes      | `string`   | Currently `local-file-with-env`.                                                              |
-| `fileEnvVar`       | No       | `string`   | Env var containing an explicit credential file path.                                          |
-| `fallbackPaths`    | No       | `string[]` | Local credential file paths checked when `fileEnvVar` is absent or empty. Supports `${HOME}`. |
-| `requiresAnyEnv`   | No       | `string[]` | At least one listed env var must be non-empty before the evidence is valid.                   |
-| `requiresAllEnv`   | No       | `string[]` | Every listed env var must be non-empty before the evidence is valid.                          |
-| `credentialMarker` | Yes      | `string`   | Non-secret marker returned when the evidence is present.                                      |
-| `source`           | No       | `string`   | User-facing source label for auth/status output.                                              |
+| Field              | Required | Type       | What it means                                                                                                  |
+| ------------------ | -------- | ---------- | -------------------------------------------------------------------------------------------------------------- |
+| `type`             | Yes      | `string`   | Currently `local-file-with-env`.                                                                               |
+| `fileEnvVar`       | No       | `string`   | Env var containing an explicit credential file path.                                                           |
+| `fallbackPaths`    | No       | `string[]` | Local credential file paths checked when `fileEnvVar` is absent or empty. Supports `${HOME}` and `${APPDATA}`. |
+| `requiresAnyEnv`   | No       | `string[]` | At least one listed env var must be non-empty before the evidence is valid.                                    |
+| `requiresAllEnv`   | No       | `string[]` | Every listed env var must be non-empty before the evidence is valid.                                           |
+| `credentialMarker` | Yes      | `string`   | Non-secret marker returned when the evidence is present.                                                       |
+| `source`           | No       | `string`   | User-facing source label for auth/status output.                                                               |

 ### setup fields