refactor: hide acp auth internals

src/acp/control-plane/manager.utils.ts

@@ -47,7 +47,7 @@ export function requireReadySessionMeta(resolution: AcpSessionResolution): Sessi
   throw resolveAcpSessionResolutionError(resolution);
 }
 
-export function normalizeSessionKey(sessionKey: string): string {
+function normalizeSessionKey(sessionKey: string): string {
   return sessionKey.trim();
 }
 

src/acp/control-plane/runtime-options.ts

@@ -82,7 +82,7 @@ export function validateRuntimeModelInput(rawModel: unknown): string {
   });
 }
 
-export function validateRuntimeThinkingInput(rawThinking: unknown): string {
+function validateRuntimeThinkingInput(rawThinking: unknown): string {
   return validateBoundedText({
     value: rawThinking,
     field: "Thinking level",
@@ -110,7 +110,7 @@ export function validateRuntimeCwdInput(rawCwd: unknown): string {
   return cwd;
 }
 
-export function validateRuntimeTimeoutSecondsInput(rawTimeout: unknown): number {
+function validateRuntimeTimeoutSecondsInput(rawTimeout: unknown): number {
   if (typeof rawTimeout !== "number" || !Number.isFinite(rawTimeout)) {
     failInvalidOption("Timeout must be a positive integer in seconds.");
   }

src/agents/auth-profiles/persisted.ts

@@ -103,7 +103,7 @@ function warnRejectedCredentialEntries(source: string, rejected: RejectedCredent
   });
 }
 
-export function coerceLegacyAuthStore(raw: unknown): LegacyAuthStore | null {
+function coerceLegacyAuthStore(raw: unknown): LegacyAuthStore | null {
   if (!raw || typeof raw !== "object") {
     return null;
   }

src/agents/auth-profiles/policy.ts

@@ -95,7 +95,7 @@ function collectOAuthModeSecretRefViolations(params: {
   }
 }
 
-export function collectOAuthSecretRefPolicyViolations(params: {
+function collectOAuthSecretRefPolicyViolations(params: {
   store: AuthProfileStore;
   cfg?: OpenClawConfig;
   profileIds?: Iterable<string>;