refactor: share env secret ref allowlist check

Peter Steinberger
2026-04-20 23:36:38 +01:00
parent 3fd64772d6
commit 7ca649413a
3 changed files with 20 additions and 34 deletions


@@ -1,5 +1,5 @@
import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime";
import { resolveDefaultSecretProviderAlias } from "openclaw/plugin-sdk/provider-auth";
import { canResolveEnvSecretRefInReadOnlyPath } from "openclaw/plugin-sdk/extension-shared";
import { resolveSecretInputString, normalizeSecretInput } from "openclaw/plugin-sdk/secret-input";
export const DEFAULT_FIRECRAWL_BASE_URL = "https://api.firecrawl.dev";
@@ -108,22 +108,6 @@ type ConfiguredSecretResolution =
| { status: "missing" }
| { status: "blocked" };
function canResolveEnvSecretRefInReadOnlyPath(params: {
cfg?: OpenClawConfig;
provider: string;
id: string;
}): boolean {
const providerConfig = params.cfg?.secrets?.providers?.[params.provider];
if (!providerConfig) {
return params.provider === resolveDefaultSecretProviderAlias(params.cfg ?? {}, "env");
}
if (providerConfig.source !== "env") {
return false;
}
const allowlist = providerConfig.allowlist;
return !allowlist || allowlist.includes(params.id);
}
function resolveConfiguredSecret(
value: unknown,
path: string,
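Review bot: The fail-open default of the env secret allowlist is no longer visible at this call site: the removed local copy allowed every env id when a provider entry had no `allowlist`, and accepted an unconfigured provider only when it matched the default env alias, and that contract now lives behind the import from `openclaw/plugin-sdk/extension-shared`. The shared implementation is not shown in this section, so confirm it keeps `!allowlist || allowlist.includes(params.id)` and the `providerConfig.source !== "env"` rejection unchanged, and give it a TSDoc line such as `/** Absent allowlist permits any env id; an empty list permits none. */`. A unit test covering the absent, empty and non-matching allowlist cases would pin the behaviour now that two callers depend on one copy. The same point applies to the second file section, which drops an identical function; `resolveConfiguredSecret` continues outside this hunk.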


@@ -1,7 +1,7 @@
import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime";
import { canResolveEnvSecretRefInReadOnlyPath } from "openclaw/plugin-sdk/extension-shared";
import {
coerceSecretRef,
resolveDefaultSecretProviderAlias,
resolveNonEnvSecretRefApiKeyMarker,
} from "openclaw/plugin-sdk/provider-auth";
import {
@@ -24,22 +24,6 @@ type ConfiguredRuntimeApiKeyResolution =
| { status: "missing" }
| { status: "blocked" };
function canResolveEnvSecretRefInReadOnlyPath(params: {
cfg?: OpenClawConfig;
provider: string;
id: string;
}): boolean {
const providerConfig = params.cfg?.secrets?.providers?.[params.provider];
if (!providerConfig) {
return params.provider === resolveDefaultSecretProviderAlias(params.cfg ?? {}, "env");
}
if (providerConfig.source !== "env") {
return false;
}
const allowlist = providerConfig.allowlist;
return !allowlist || allowlist.includes(params.id);
}
function readConfiguredOrManagedApiKey(value: unknown): string | undefined {
const literal = normalizeSecretInputString(value);
if (literal) {